Pix 501 and Only 1 IP Address and NAT

A pix 501 running v. 2.6
Outside interface is IP 192.168.9.2 255.255.255.0
Inside interface is IP 10.0.9.1 255.255.255.0
nat (inside) 1 10.0.9.0 255.255.255.0

I try to make a pat global statement so that
traffic coming into the pix uses the outside interface
192.168.9.2 so I do :

global (outside) 1 192.168.9.2 255.255.255.255

I GET ERRROR : OVERLAPS WITH OUTSIDE INTERFACE ADDRESS

if i use 192.168.9.3 it pats fine and works - I'm sure it
must be the case that YOU CANNOT USE THE IP ADDRESS of the
Outside interface to use as the Pat address ? How else
do you work with only 1 IP ?

I guess that you could use the outside address for static nat?
I.e. static(inside,outside) 192.168.9.2 ............ etc. ?
But then I only have that one address - I guess using port
address redirection I could have multiple ports assigned to
the 192.168.9.2 [dunno - haven't tried that yet] interface but
still - what if you have like 200 users inside. Guess your're
stuck with having to have more than 1 IP ?

any help appreciated especially any explanation of how come
the .2 address used for the outside interface can NOT be used
with a global pat statement. thanks, robert

 

Hi,

Try global (outside) 1 interface
but it will likely give you the same error info, which is just info.
This is some "bug" in version 6.2 that give you this info.
To get rid of it, upgrade to 6.3.3 or ignore it 8)

HTH
Martin Bilgrav