11-21-2004 06:25 PM - edited 03-09-2019 09:31 AM
have a netmask question as it pertains to global statements. as an example, if i configure a global statement such as global (outside) 1 192.168.50.40 netma k 255.255.255.248, will 192.168.5.47 be included in the pool?
Solved! Go to Solution.
11-21-2004 06:47 PM
Well, the statement above that you listed is a PAT translation...meaing, there is no pool. Just the single address. So, to answer your question, no, .47 will not be included.
However, let's assume you meant to say something like this:
global (outside) 1 192.168.50.40-192.168.50.47 netmask 255.255.255.248
In this case, yes, .47 will be used as part of the NAT pool so make sure this is what you want to do. In other words, you probably do no want to do this if there is a chance that the upstream router migh treat this address as a destination address when the remote host reponded.
Scott
11-21-2004 06:34 PM
I do not believe so. From the pix 6.3 command ref for the global command:
no] global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface
The network mask for global_ip. If subnetting is in effect, use the subnet mask; for example, 255.255.255.128. If you specify an address range that overlaps subnets, global will not use the broadcast or network addresses in the pool of global addresses. For example, if you use 255.255.255.224 and an address range of 209.165.201.1-209.165.201.30, the 209.165.201.31 broadcast address and the 209.165.201.0 network address will not be included in the pool of global addresses.
Thus the .47 and the .40 addresses will not be included in the pool.
11-21-2004 06:47 PM
Well, the statement above that you listed is a PAT translation...meaing, there is no pool. Just the single address. So, to answer your question, no, .47 will not be included.
However, let's assume you meant to say something like this:
global (outside) 1 192.168.50.40-192.168.50.47 netmask 255.255.255.248
In this case, yes, .47 will be used as part of the NAT pool so make sure this is what you want to do. In other words, you probably do no want to do this if there is a chance that the upstream router migh treat this address as a destination address when the remote host reponded.
Scott
11-21-2004 07:17 PM
got it. thanks for your input.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide