https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776950#M980188 <HTML><HEAD></HEAD><BODY><P>best practice is the following:</P><P></P><P>nat (inside) 1 0 0</P><P>global (outside) 1 interface</P><P></P><P></P><P>you literally use the keyword 'interface' in the global command. it will use the outside interface IP, no matter what it is. you could also just use the outside IP there though. both accomplish NAT overloading / PAT.</P></BODY></HTML> Wed, 23 May 2007 16:33:08 GMT srue 2007-05-23T16:33:08Z https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776949#M980186 <P>I want to configure a PIX 501 firewall for NAT - or more accurately PAT.</P><P></P><P>I want all inside users to be able to access the Internet using their non-routable IP adresses that the PIX will translate at the perimeter.</P><P></P><P>I only have one public IP address available.</P><P></P><P>I do not have a range as shown in the example below from:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid2" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid2</A></P><P></P><P>Start of example</P><P></P><P>nat (inside) 1 0 0</P><P></P><P>global (outside) 1 209.165.201.10-209.165.201.30</P><P></P><P>global (outside) 1 209.165.201.8</P><P></P><P>"Create a pool of global addresses that translated addresses use when they exit the firewall from the protected networks to the unprotected networks. The global command statement is associated with a nat command statement by the NAT ID, which in this example is 1. Because there are limited IP addresses in the pool, a PAT (Port Address Translation) global is added to handle overflow."</P><P></P><P>End of example</P><P></P><P>So, in my case, can I simply use the second global line to attain my objective?</P><P></P><P>Also, do I need to configure particular access-list entries in this case or will the PIX take care of everything automatically?</P><P></P><P>Thank you,</P><P></P><P>David</P> Mon, 11 Mar 2019 10:19:01 GMT https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776949#M980186 DAVMAC111 2019-03-11T10:19:01Z https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776950#M980188 <HTML><HEAD></HEAD><BODY><P>best practice is the following:</P><P></P><P>nat (inside) 1 0 0</P><P>global (outside) 1 interface</P><P></P><P></P><P>you literally use the keyword 'interface' in the global command. it will use the outside interface IP, no matter what it is. you could also just use the outside IP there though. both accomplish NAT overloading / PAT.</P></BODY></HTML> Wed, 23 May 2007 16:33:08 GMT https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776950#M980188 srue 2007-05-23T16:33:08Z https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776951#M980189 <HTML><HEAD></HEAD><BODY><P>Thanks for the answer!</P><P></P><P>Does the result look right (I'm going to test it now)?</P><P></P><P>pixfw(config)# nat (inside) 1 0 0</P><P>pixfw(config)# show nat</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>pixfw(config)# global (outside) 1 interface</P><P>outside interface address added to PAT pool</P><P>pixfw(config)# show global</P><P>global (outside) 1 interface</P><P></P></BODY></HTML> Thu, 24 May 2007 12:21:17 GMT https://community.cisco.com/t5/network-security/basic-nat-pat-configuration-question/m-p/776951#M980189 DAVMAC111 2007-05-24T12:21:17Z