06-14-2001 12:42 PM - edited 02-20-2020 09:48 PM
Can you overload an external IP address on the PIX 525?
06-14-2001 01:03 PM
Don't think so. Its NAT doesn't quite behave the same on a PIX as it does on a router. If you have some address limitations, do this:
Set up a global pool but don't use all the registered addresses.
Save a registered address for Port Address Translation. There should be an example in the book.
06-14-2001 03:01 PM
There are a few things to consider when using PAT:
The IP addresses you specify for PAT cannot be in another global address pool.
PAT does not work with H.323 applications and caching nameservers. PAT works with Domain Name Service (DNS), FTP and passive FTP, HTTP, mail, remote-procedure call (RPC), rshell, Telnet, URL filtering, and outbound traceroute.
Do not use PAT when multimedia applications need to be run through the firewall. Multimedia applications can conflict with port mappings provided by PAT.
In PIX software release 4.2(2), the PAT feature did not work with IP data packets that arrived in reverse order. This problem is corrected in release 4.2(3).
IP addresses in the pool of global addresses specified with the global command require reverse DNS entries to ensure that all external network addresses are accessible through the PIX. To create reverse DNS mappings, use a DNS Pointer (PTR) record in the address-to-name mapping file for each global address. Without the PTR entries, sites can experience slow or intermittent Internet connectivity and FTP requests fail consistently.
For example, if a global IP address is 175.1.1.3 and the domain name for the PIX firewall is pix.caguana.com, the PTR record would be:
3.1.1.175.in-addr.arpa. IN PTR pix3.caguana.com
4.1.1.175.in-addr.arpa. IN PTR pix4.caguana.com & so on.
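Added example, not part of the original thread: a small Python check for two of the points above, that the PAT address sits in no global pool and that every global address has a PTR record. The pool range, PAT address, zone lines and the `pix<last octet>` naming are constructed assumptions built on the thread's 175.1.1.x example.

```python
import ipaddress

def expand_pool(first, last):
    """Every address in an inclusive global pool range (first-last)."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("pool end precedes pool start")
    return [ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1)]

def pat_conflicts(pat, pools):
    """Pools that contain the PAT address; the PAT address must be in none."""
    ip = ipaddress.IPv4Address(pat)
    return [p for p in pools
            if ipaddress.IPv4Address(p[0]) <= ip <= ipaddress.IPv4Address(p[1])]

def ptr_record(addr, domain, prefix="pix"):
    """Zone-file PTR line; the pix<last octet> host name is an assumed convention."""
    host = f"{prefix}{int(addr) & 0xFF}.{domain}."  # trailing dot: fully qualified
    return f"{addr.reverse_pointer}. IN PTR {host}"

def missing_ptrs(addresses, zone_lines):
    """Global addresses that have no PTR owner name in the reverse zone."""
    owners = set()
    for line in zone_lines:
        fields = line.split(";")[0].split()   # drop comments, tokenize
        if "PTR" in fields:
            owners.add(fields[0].rstrip(".").lower())
    return [a for a in addresses if a.reverse_pointer not in owners]

# Constructed sample data, using the thread's example network.
POOLS = [("175.1.1.3", "175.1.1.6")]   # assumed global pool
PAT_ADDRESS = "175.1.1.7"              # assumed address reserved for PAT
ZONE = [
    "3.1.1.175.in-addr.arpa. IN PTR pix3.caguana.com.",
    "4.1.1.175.in-addr.arpa. IN PTR pix4.caguana.com.",
]

if __name__ == "__main__":
    # The PAT address is also a global address, so it needs a PTR as well.
    all_globals = expand_pool(*POOLS[0]) + [ipaddress.IPv4Address(PAT_ADDRESS)]
    print("PAT overlaps pools:", pat_conflicts(PAT_ADDRESS, POOLS))
    for addr in missing_ptrs(all_globals, ZONE):
        print(ptr_record(addr, "caguana.com"))
```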