nat for pool

Discussion in 'Cisco' started by voytas, Sep 12, 2006.

  1. voytas

    voytas Guest

    Hello

    I cant find solution for situation when i want to nat only adresses
    from 192.168.1.50 to 192.168.1.254 from inside network. i studied guide
    pix 6.0 and did not find that i can use range in 'nat'. in global i
    have one addres so i have pat.
     
    voytas, Sep 12, 2006
    #1
    1. Advertising

  2. In article <>,
    voytas <> wrote:

    >I cant find solution for situation when i want to nat only adresses
    >from 192.168.1.50 to 192.168.1.254 from inside network. i studied guide
    >pix 6.0 and did not find that i can use range in 'nat'. in global i
    >have one addres so i have pat.



    Some solutions:

    1) apply an access-group against the inside interface preventing
    traffic from .0-.49 and .255 from going out to anywhere; then just
    nat the entire subnet.

    2) apply a different kind of nat with a higher priority to
    ..0-.49 and .255, and then just nat the entire subnet. For example
    you could nat 0 access-list .0-.49 and .255, letting them
    through without address change. Because nothing outside is going
    to route packets back to those non-routable addresses, traffic might
    go out [without using your PAT] but you wouldn't get return traffic.

    Note: this method would be considered to conflict with RFC1918
    (which defines the private address ranges), as that RFC makes you
    responsible for not allowing your privately addressed packets to leak out.

    3)
    nat (inside) 1 192.168.1.50 255.255.255.254
    nat (inside) 1 192.168.1.52 255.255.255.252
    nat (inside) 1 192.168.1.58 255.255.255.248
    nat (inside) 1 192.168.1.64 255.255.255.192
    nat (inside) 1 192.168.1.128 255.255.255.192
    nat (inside) 1 192.168.1.192 255.255.255.224
    nat (inside) 1 192.168.1.224 255.255.255.240
    nat (inside) 1 192.168.1.240 255.255.255.248
    nat (inside) 1 192.168.1.248 255.255.255.252
    nat (inside) 1 192.168.1.252 255.255.255.254
    nat (inside) 1 192.168.1.254 255.255.255.255
    global (outside) 1 interface
     
    Walter Roberson, Sep 12, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bill F

    configuring pat nat pool

    Bill F, Oct 30, 2003, in forum: Cisco
    Replies:
    1
    Views:
    1,907
    Chris
    Oct 30, 2003
  2. JCVD
    Replies:
    1
    Views:
    492
    Martin Gallagher
    Feb 13, 2004
  3. Giuen
    Replies:
    0
    Views:
    1,421
    Giuen
    Sep 12, 2008
  4. eostrike
    Replies:
    3
    Views:
    2,126
    eostrike
    Oct 24, 2008
  5. tom
    Replies:
    0
    Views:
    992
Loading...

Share This Page