cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
0
Helpful
3
Replies

global statement

ahensel
Level 1
Level 1

have a netmask question as it pertains to global statements. as an example, if i configure a global statement such as global (outside) 1 192.168.50.40 netma k 255.255.255.248, will 192.168.5.47 be included in the pool?

1 Accepted Solution

Accepted Solutions

scoclayton
Level 7
Level 7

Well, the statement above that you listed is a PAT translation...meaing, there is no pool. Just the single address. So, to answer your question, no, .47 will not be included.

However, let's assume you meant to say something like this:

global (outside) 1 192.168.50.40-192.168.50.47 netmask 255.255.255.248

In this case, yes, .47 will be used as part of the NAT pool so make sure this is what you want to do. In other words, you probably do no want to do this if there is a chance that the upstream router migh treat this address as a destination address when the remote host reponded.

Scott

View solution in original post

3 Replies 3

ehirsel
Level 6
Level 6

I do not believe so. From the pix 6.3 command ref for the global command:

no] global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface

The network mask for global_ip. If subnetting is in effect, use the subnet mask; for example, 255.255.255.128. If you specify an address range that overlaps subnets, global will not use the broadcast or network addresses in the pool of global addresses. For example, if you use 255.255.255.224 and an address range of 209.165.201.1-209.165.201.30, the 209.165.201.31 broadcast address and the 209.165.201.0 network address will not be included in the pool of global addresses.

Thus the .47 and the .40 addresses will not be included in the pool.

scoclayton
Level 7
Level 7

Well, the statement above that you listed is a PAT translation...meaing, there is no pool. Just the single address. So, to answer your question, no, .47 will not be included.

However, let's assume you meant to say something like this:

global (outside) 1 192.168.50.40-192.168.50.47 netmask 255.255.255.248

In this case, yes, .47 will be used as part of the NAT pool so make sure this is what you want to do. In other words, you probably do no want to do this if there is a chance that the upstream router migh treat this address as a destination address when the remote host reponded.

Scott

got it. thanks for your input.