Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
0
Helpful
3
Replies

Multiple Global/Nat Statements

unionbancorpit
Community Member

‎07-08-2005 08:27 AM - edited ‎03-09-2019 11:47 AM

My PIX has three 'outside' interfaces.

global (out1) 1 interface

global (out1) 2 x.x.x.x netmask 255.255.255.240

global (out2) 1 interface

global (out2) 2 x.x.x.x netmask 255.255.255.248

global (out3) 1 interface

global (out3) 2 x.x.x.x netmask 255.255.255.248

nat () 0 access-list ipsec_vpn

nat (inside) 2 10.20.0.0 255.255.0.0

nat (inside) 1 10.16.0.0 255.255.0.0

Everything is working fine for out1 and out2. I need both nat 1 and nat 2 to use global (out3) interface.

I've tried entering

global (out3) 1 interface

global (out3) 2 interface

but it tells me that the interface is already assigned.

I tried this

nat (inside) 3 10.0.0.0 255.0.0.0

global (out3) 3 interface

that didn't work either. Can this be done? Thanks.

Labels:
0 Helpful
3 Replies 3

harishtandon23
Level 3
Level 3

‎07-08-2005 09:32 AM

Hello!

Pix is saying right, as it is already assigned. When you put the following command.

global (out3) 1 interface. it means it is going to use the ipaddress assigned to outside3 interface for transalation. Since you have already assgined it before in the configuration. it can't be used again. Rather you can try the following command if you have already used the interface for transalation.

global (out3) 1

Where, is the free ip address on the outside 3 interface pool.

If you have any questions, please feel free to contact me.

Thanks & Regards,

Harish Tandon

harishtandon23@gmail.com

0 Helpful

unionbancorpit
Community Member
In response to harishtandon23

‎07-08-2005 11:17 AM

I have that working but the connection at the other end of this interface only accepts connections from one IP address - which is assigned to the interface of the PIX. Right now if a users needs access to the system and they are on the wrong network we have been changing their vlan membership so they can connect - it works but it is not a long term solution.

0 Helpful

harishtandon23
Level 3
Level 3
In response to unionbancorpit

‎07-10-2005 01:34 AM

If you tell me in details as to what all you want to nat from and to what all interface. I will give the permanent solution. In order to do that, i need complete information as to what you are trying to accomplish with regards to nat from inside to all three outside interfaces.

If you have any questions, please feel free to contact me.

Thanks & Regards,

Harish Tandon

harishtandon23@gmail.com

0 Helpful
Customers Also Viewed These Support Documents