Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
0
Helpful
1
Replies

PAT question

kope
Level 1
Level 1

‎10-27-2011 08:59 AM - edited ‎03-11-2019 02:43 PM

i have a 192.168.1.0/24 address behind the firewall of an ASA. they only want to translate the half of the /24 address as a routable ip, the rest of the addresses (/25) will not be translated.

Would this work as below?

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.128

nat (inside) 0 0.0.0.0 0.0.0.0

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎10-27-2011 09:30 AM

Hello Kope,

If you just need to do Pat for 128 addresses the Nat configuration should be like this:

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.128

The Nat 0 is going to be taken in consideration first and it is going to mach all the inside users so no one is going to have internet access, that is why you just need the nat for the half of the /24 range and the global.

Hope you have a great day,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card