08-17-2004 07:33 AM - edited 03-09-2019 08:28 AM
Hello
I have a PIX 525 6.3 and I have a dumb question... I do a show xlate and I can see that I am using PAT for internet connections... The old FW guy says we are NATing for the internet. What command can I run to confirm this? Because it looks to me like we are using PAT and not NAT for internet connections. I am the Cisco router and switch engineer but I now have the PIX responsibility and I want to make sure everything is correct.
Thanks
08-17-2004 07:51 AM
Have you got this in your PIX config:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
If so, then you are using NAT on your inside network mapped to a public (global) address, in the above, to one public ip address.
And issuing cmd sho nat and sho global on the FW will let you know too.
Hope this helps
Jay
08-17-2004 10:08 AM
Jay
Thanks... told you it was dumb, and yes I have that statement... I understand... I guess I was wanting a way to look at the NAT pool and see the private IP> then >NAT IP then >global IP, i.e. 192.168.16.2>10.1.1.1.1>199.72.86.177... is that possible?
Thanks again
08-17-2004 10:40 AM
Here is a configuration example:
Commands:
pix# sh nat
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
# allows 192.168.1.0 network to use nat/global "1"
pix# sh global
global (outside) 1 interface
# allows all 192.168.1.0 host to PAT to the outside IP address.
global (outside) 1 199.199.199.0 netmask 255.255.255.0
# example of a NAT Class C Range of Addresses
You can also have a mix of for example 10 NAT addresses and after that a second statement with PAT which would look like that:
global (outside) 1 111.1.1.16-111.1.1.31 netmask 255.255.255.240
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
hope it helps
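Added example, not part of the thread and not Cisco code: a small Python script that reads `global` and `nat` statements like the ones in the post above and labels each global as a dynamic NAT pool or as PAT, grouped by nat ID. It assumes PIX 6.x behaviour where a start-end range is a NAT pool and `interface` or a single address is PAT; the function names are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample: the mixed NAT + PAT statements quoted in the post above.
SAMPLE_CONFIG = """\
global (outside) 1 111.1.1.16-111.1.1.31 netmask 255.255.255.240
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")


def classify_global(target):
    """Return (kind, address_count) for the address field of a global statement."""
    if target == "interface":
        return "PAT (interface address)", 1
    if "-" in target:
        first, last = (ipaddress.IPv4Address(a) for a in target.split("-", 1))
        if last < first:
            raise ValueError(f"reversed range: {target}")
        return "dynamic NAT pool", int(last) - int(first) + 1
    ipaddress.IPv4Address(target)  # raises ValueError if this is not an address
    return "PAT (single address)", 1  # assumption: a lone address means PAT


def summarize(config):
    """Group nat/global statements by nat ID, in the order they appear."""
    rules = {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := GLOBAL_RE.match(line):
            iface, nat_id, target = m.groups()
            entry = rules.setdefault(int(nat_id), {"inside": [], "globals": []})
            entry["globals"].append((iface, target, *classify_global(target)))
        elif (m := NAT_RE.match(line)) and m.group(2) != "0":  # nat 0: no translation
            iface, nat_id, net, mask = m.groups()
            network = ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
            entry = rules.setdefault(int(nat_id), {"inside": [], "globals": []})
            entry["inside"].append((iface, str(network)))
    return rules


if __name__ == "__main__":
    for nat_id, entry in summarize(SAMPLE_CONFIG).items():
        print(f"nat id {nat_id}: inside networks {entry['inside']}")
        for iface, target, kind, count in entry["globals"]:
            print(f"  global ({iface}) {target}: {kind}, {count} address(es)")
```
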
08-18-2004 10:28 AM
pix# sh global
global (outside) 1 interface
# allows all 192.168.1.0 host to PAT to the outside IP address.
global (outside) 1 199.199.199.0 netmask 255.255.255.0
# example of a NAT Class C Range of Addresses
If you have your "global (outside) 1 interface" statement, why would you add the "global (outside) 1 199.199.199.0 netmask 255.255.255.0" statement? I was under the impression that the global (outside) 1 interface is used when you want to NAT everything to your outside IP.
08-19-2004 07:11 AM
PAT has a practical limit of ~ 4000 inside hosts. You can back up your PAT address by configuring multiple globals with the same nat ID
08-17-2004 11:26 PM
No question is a DUMB question!!
Issue cmd: sho xlate detail and also sho conn detail and this will show you what you're looking for.
Hope this helps
Jay
08-18-2004 03:53 AM
Jay
Thanks, that's what I was looking for.