https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8533#M697942 <HTML><HEAD></HEAD><BODY><P>Don't think so. Its NAT doesn't quite behave the same</P><P>on a Pix as is does on a router. If you have some</P><P>address limitations, do this:</P><P>set up a global pool but don't use all the registered</P><P>addresses. </P><P>save a registered address for Port Address Translation. There should be an example in the book</P></BODY></HTML> Thu, 14 Jun 2001 20:03:48 GMT millerv 2001-06-14T20:03:48Z https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8532#M697930 <P>Can you overload an external IP address on the PIX 525?</P> Fri, 21 Feb 2020 05:48:21 GMT https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8532#M697930 mbettis 2020-02-21T05:48:21Z https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8533#M697942 <HTML><HEAD></HEAD><BODY><P>Don't think so. Its NAT doesn't quite behave the same</P><P>on a Pix as is does on a router. If you have some</P><P>address limitations, do this:</P><P>set up a global pool but don't use all the registered</P><P>addresses. </P><P>save a registered address for Port Address Translation. There should be an example in the book</P></BODY></HTML> Thu, 14 Jun 2001 20:03:48 GMT https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8533#M697942 millerv 2001-06-14T20:03:48Z https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8534#M697955 <HTML><HEAD></HEAD><BODY><P>There are a few things to consider when using PAT: </P><P></P><P>The IP addresses you specify for PAT cannot be in another global address pool. </P><P></P><P>PAT does not work with H.323 applications and caching nameservers. PAT works with Domain Name Service (DNS), FTP and passive FTP, HTTP, mail, remote-procedure call (RPC), rshell, Telnet, URL filtering, and outbound traceroute. </P><P></P><P>Do not use PAT when multimedia applications need to be run through the firewall. Multimedia applications can conflict with port mappings provided by PAT. </P><P></P><P>In PIX software release 4.2(2), the PAT feature did not work with IP data packets that arrived in reverse order. This problem is corrected in release 4.2(3). </P><P></P><P>IP addresses in the pool of global addresses specified with the global command require reverse DNS entries to ensure that all external network addresses are accessible through the PIX. To create reverse DNS mappings, use a DNS Pointer (PTR) record in the address-to-name mapping file for each global address. Without the PTR entries, sites can experience slow or intermittent Internet connectivity and FTP requests fail consistently. </P><P>For example, if a global IP adddress is 175.1.1.3 and the domain name for the PIX firewall is pix.caguana.com, the PTR record would be:</P><P></P><P>3.1.1.175.in-addr.arpa. IN PTR pix3.caguana.com </P><P>4.1.1.175.in-addr.arpa. IN PTR pix4.caguana.com &amp; so on.</P><P></P><P></P></BODY></HTML> Thu, 14 Jun 2001 22:01:48 GMT https://community.cisco.com/t5/network-security/overloading-an-ip-address-on-pix-525/m-p/8534#M697955 javedmma 2001-06-14T22:01:48Z