Re: Can I Configure a NAT Pool on a PIX Firewall in a Range of C

admin_2 · ‎06-24-2002

I am running PIX Firewall Software version 5.0.3.

For example, can I do:

<pre>

nat pool 172.30.0.0 255.255.0.0

</pre>

but exclude:

<pre>

172.30.16.0 255.255.255.0

</pre>

Report Inappropriate Content · ‎06-24-2002

No, you cannot exclude a certain class C address range from the class B address range. But you can

use the appropriate network mask to achieve the same result. For processing efficiency, you should

reorder from least specific to more specific. Consult the following example:

nat (inside) 1 172.30.0.0 255.255.240.0

nat (inside) 1 172.30.17.0 255.255.255.0

nat (inside) 1 172.30.18.0 255.255.255.0

nat (inside) 1 172.30.19.0 255.255.255.0

nat (inside) 1 172.30.20.0 255.255.252.0

nat (inside) 1 172.30.24.0 255.255.248.0

nat (inside) 1 172.30.30.0 255.255.128.0

nat (inside) 1 172.30.128.0 255.255.128.0

Can I Configure a NAT Pool on a PIX Firewall in a Range of Class B Addresses and Exclude a Range of Class C Addresses ?