[c-nsp] Pix nat
Voll, Scott
Scott.Voll at wesd.org
Fri Jul 21 12:02:03 EDT 2006
Thanks.... I was just trying to get the concept. Yes I was going to add
PAT addresses.
Thanks again.
Scott
-----Original Message-----
From: Andrew Yourtchenko [mailto:ayourtch at gmail.com]
Sent: Friday, July 21, 2006 8:59 AM
To: Voll, Scott
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Pix nat
It is best match. However, for the second global pool you might want
to include a few PAT addresses as well - else you assign one address
from the pool per client, and when you run out of that, the remaining
clients will not be able to get any new translations.
thanks,
andrew
On 7/21/06, Voll, Scott <Scott.Voll at wesd.org> wrote:
> I have a site that has many (internal) subnets but another agency
wants
> to only allow one (internal) subnet into their network. So what I
would
> like to do on the pix is two nats.
>
>
>
> IE>
>
>
>
> Nat (inside) 1 10.x.x.x 255.255.255.0
>
> Nat (inside) 2 0.0.0.0 0.0.0.0
>
> Global (outside) 1 y.y.y.y
>
> Global (outside) 2 a.a.a.a - a.a.a.b
>
>
>
> Will this work or do I have to do a nat inside for each subnet? I was
> hoping the nat was like routing.... Best match.
>
>
>
> TIA
>
>
>
> Scott
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list