Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
394
Views
0
Helpful
2
Replies

Explanation on NAT Statement

Go to solution
kuldeep.kaur
Level 1
Level 1

‎03-06-2011 02:02 PM - edited ‎03-11-2019 01:01 PM

Hi Guys,

What does the following statement means on the pix firewall ? For example

global (outside) 2 67.75.236.193-67.75.236.194 netmask 255.255.255.240

Does the above mean that we have got two address 67.75.236.193 and 67.75.236.194 for the firewall to use for natting. (I know about what 2 means in the statement).

Tks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎03-06-2011 02:07 PM

That means that the source network that falls under your nat will be able to get translated to those two addresses only. If you have 10 inside hosts trying to go out to the internet only two will be able to do it at the same time since they are all sharing the two global addresses.

Is that clear?

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-06-2011 02:08 PM

You are absolutely correct.

Only 2 ip addresses can be used for NATing and if you have any subsequent packet that needs to be translated, then it will fail unless if you configure PAT, eg:

global (outside) 2 interface

OR/


global (outside) 2 67.75.236.195

View solution in original post

0 Helpful
2 Replies 2

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎03-06-2011 02:07 PM

That means that the source network that falls under your nat will be able to get translated to those two addresses only. If you have 10 inside hosts trying to go out to the internet only two will be able to do it at the same time since they are all sharing the two global addresses.

Is that clear?

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-06-2011 02:08 PM

You are absolutely correct.

Only 2 ip addresses can be used for NATing and if you have any subsequent packet that needs to be translated, then it will fail unless if you configure PAT, eg:

global (outside) 2 interface

OR/


global (outside) 2 67.75.236.195

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card