NAT with single outside address

dshinnick2 · ‎10-05-2005

I'm an instructor creating labs for a PIX class. I'd like to illustrate NAT with only a single public address. I'd like to prevent PAT from kicking in, so only the first inside machine to connect out gets the use of the public IP; any others would be denied. Does the PIX do this, or does it automatically use PAT when it gets to the last IP address. And, if I can prevent PAT, how would I do it?

thanks-

dave

jackko · ‎10-05-2005

it depends whether the public ip is being shared with pix outside interface ip.

e.g.

ip address outside 255.255.255.248

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

with the commands above, the public ip is shared between the pix outside int and the nat.

so, with your case, you probably want to do this:

ip address outside 255.255.255.248

global (outside) 1

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

with the commands above, you would need two public ip.

dshinnick2 · ‎10-05-2005

Thanks so much! I'll have'ta chew on that for awhile.....

dave

jackko · ‎10-15-2005

just wondering how you go.