Resolution
If both a Network Address Translation (NAT) pool and a Port Address Translation (PAT) address are defined in the PIX Firewall configuration, the PIX uses all available addresses in the NAT pool (starting with the lowest IP address) before it uses the PAT address. If addresses in the NAT pool free up, the PIX uses them again for new translations before it falls back to the PAT address. If multiple NAT pools are defined, all NAT addresses in all pools are used before the PAT address is used. Additionally, multiple PAT addresses can be defined; the second PAT address is used only when the first address runs out of ports.
Refer to these examples:
- NAT all internal addresses and overload on the PAT address.
In this example, once the global pool is exhausted, all other translations use the PAT (192.168.1.15) address.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.168.1.2 192.168.1.14 netmask 255.255.255.0
global (outside) 1 192.168.1.15
- Two NAT pools defined with a PAT overload address.
In this example, once both NAT pools are exhausted, additional translations use the PAT (192.168.1.30) address.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.168.1.2 192.168.1.14 netmask 255.255.255.0
global (outside) 1 192.168.2.17 192.168.2.29 netmask 255.255.255.0
global (outside) 1 192.168.1.30
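The selection order described above (every NAT pool lowest address first, freed NAT addresses reused, then the first PAT address, then the second PAT address once the first runs out of ports) can be checked against a small model. The following Python is an added simulation written for this article; it is not PIX code and not a Cisco tool. The pool sizes, the 10.1.1.x inside hosts, the two-port budget per PAT address, and the second PAT address 192.168.1.31 are constructed so that exhaustion is visible in a handful of translations.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class GlobalPool:
    """A NAT pool: `global (outside) <id> <first> <last>` (one address per inside host)."""
    first: str
    last: str
    in_use: set = field(default_factory=set)

    def addresses(self):
        lo = int(ipaddress.IPv4Address(self.first))
        hi = int(ipaddress.IPv4Address(self.last))
        for n in range(lo, hi + 1):
            yield str(ipaddress.IPv4Address(n))

    def allocate(self) -> Optional[str]:
        # Lowest free address first, as the article describes
        for addr in self.addresses():
            if addr not in self.in_use:
                self.in_use.add(addr)
                return addr
        return None

    def release(self, mapped: str) -> bool:
        if mapped in self.in_use:
            self.in_use.discard(mapped)
            return True
        return False


@dataclass
class PatAddress:
    """A PAT address: `global (outside) <id> <addr>` (many inside hosts share one address)."""
    addr: str
    # Constructed: a two-port budget so exhaustion shows up; a real PAT address has thousands
    free_ports: list = field(default_factory=lambda: [1024, 1025])

    def allocate(self) -> Optional[str]:
        if not self.free_ports:
            return None
        return f"{self.addr}:{self.free_ports.pop(0)}"

    def release(self, mapped: str) -> bool:
        addr, _, port = mapped.rpartition(":")
        if addr == self.addr:
            self.free_ports.append(int(port))
            return True
        return False


class NatSimulator:
    """Models translation selection for one global id: all NAT pools, then the PAT addresses."""

    def __init__(self, pools, pats):
        self.pools = list(pools)   # NAT pools in configured order
        self.pats = list(pats)     # second PAT is tried only when the first has no ports left
        self.xlate = {}            # inside host -> mapped address (or addr:port for PAT)

    def translate(self, host: str) -> Optional[str]:
        if host in self.xlate:
            return self.xlate[host]
        for entry in self.pools + self.pats:
            mapped = entry.allocate()
            if mapped is not None:
                self.xlate[host] = mapped
                return mapped
        return None   # every NAT address and PAT port is in use; no translation is built

    def release(self, host: str) -> None:
        mapped = self.xlate.pop(host)
        for entry in self.pools + self.pats:
            if entry.release(mapped):
                return


def demo_single_pool_then_pat():
    """Mirrors the first configuration on the page, with the pool shortened to three addresses."""
    sim = NatSimulator(
        pools=[GlobalPool("192.168.1.2", "192.168.1.4")],
        pats=[PatAddress("192.168.1.15")],
    )
    trace = [sim.translate(f"10.1.1.{n}") for n in range(1, 5)]
    sim.release("10.1.1.1")                  # a NAT address frees up ...
    trace.append(sim.translate("10.1.1.5"))  # ... and is reused before the PAT address
    return trace


def demo_two_pools_then_two_pats():
    """Mirrors the second configuration (pools shortened), plus a constructed second PAT address."""
    sim = NatSimulator(
        pools=[GlobalPool("192.168.1.2", "192.168.1.3"),
               GlobalPool("192.168.2.17", "192.168.2.18")],
        pats=[PatAddress("192.168.1.30"), PatAddress("192.168.1.31")],
    )
    return [sim.translate(f"10.1.1.{n}") for n in range(1, 10)]


if __name__ == "__main__":
    for step in demo_single_pool_then_pat():
        print(step)
    print("---")
    for step in demo_two_pools_then_two_pats():
        print(step)
```

Running the first demo shows the three pool addresses handed out in ascending order, the fourth host landing on 192.168.1.15 with a port, and the fifth host getting 192.168.1.2 back once it is released. The second demo walks through both pools, then both ports of 192.168.1.30, then 192.168.1.31, and finally returns None for the ninth host, which is the condition a "no translation group found" style failure corresponds to on a real unit once every global address and port is consumed.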