Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
0
Helpful
7
Replies

NAT/PAT problem

a999
Level 1
Level 1

‎10-17-2003 08:58 AM - edited ‎03-09-2019 05:11 AM

My pix have 3 interfaces:inside,outside and dmz.I have configured multi-PAT between inside and outside via saming NAT ID.But now I want translate all my internal network addresses to dmz with ONE PAT address with following command:

(conf)#nat (inside) nat_id 0 0

(conf)#global (dmz) nat_id xx.xx.xx.xx

The result is if the internal address has been added to the nat (inside -> outside), it can't reach the dmz.But the static and other internal address can work.Why?

Does nat conflict with different NAT ID translate?

Labels:
0 Helpful
7 Replies 7

nkhawaja
Cisco Employee
Cisco Employee

‎10-17-2003 11:05 AM

Hi,

This should not be the case and the following should work

nat (inside) 25 0 0

global (outside) 25 10.10.10.10

global (dmz) 25 20.20.20.20

Have you tried clearing the translation (clear xlat)?

Thanks

Nadeem

0 Helpful

a999
Level 1
Level 1
In response to nkhawaja

‎10-17-2003 11:51 PM

Thanks for answering.If the configuration like follow:

nat(inside) 25 0 0

nat(inside) 26 10.10.1.0 255.255.255.0

nat(inside) 27 10.10.2.0 255.255.255.0

global (outside) 25 10.10.10.10

global (outside) 26 10.10.10.11

global (outside) 27 10.10.10.12

global (dmz) 25 20.20.20.20

I would like using only one PAT address in dmz for addressing saving.But the address in net 10.10.1.0/24&10.10.2.0/24 can't reach the dmz.

can you give me some advise for resloving the problem?

Thanks.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to a999

‎10-18-2003 10:15 AM

Hi,

Try to add the following two as well

global(dmz) 26 20.20.20.20

global(dmz) 27 20.20.20.20

I hope this should fix the issue.

Thanks

Nadeem

0 Helpful

a999
Level 1
Level 1
In response to nkhawaja

‎10-18-2003 11:58 PM

Hi,I try to add just like your advise,but the system info:global for this range already exists. So can't use one global address for multi-translation.I use pixos 6.3.3.

0 Helpful

lwierenga
Level 1
Level 1
In response to a999

‎10-19-2003 01:30 AM

If you only have one NAT pool defined then this could be a problem.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to a999

‎10-19-2003 11:19 AM

Hi,

You are right, it is not letting add these globals

global(dmz) 26 20.20.20.20

global(dmz) 27 20.20.20.20

then try to add these

global (dmz) 26 20.20.20.21

global (dmz) 27 20.20.20.22

I hope this will help

Thanks

Nadeem

0 Helpful

a999
Level 1
Level 1
In response to nkhawaja

‎10-21-2003 08:04 AM

hi,thanks for your advises.At the last, I had to do just like what you said,allocate many REAL ip address for inside usres visiting dmz.

0 Helpful
Customers Also Viewed These Support Documents