











How to make nat with PIX outside interface
zaza230
I have only one public IP address, and this IP address is already assigned to my PIX outside interface. I would like to use this address in my "global outside X.X.X.X" command to NAT internal traffic with the PIX outside address. When I do that I receive an error signaling that there is an overlap between my command and the PIX outside interface.
How can I do it? Thanks in advance.
__________________
jean philippe ( France )
07-05-02 10:22 AM

chodan
What is the IP address and subnet mask of the outside interface?
Is it a /30?
On a PIX the NAT pool can't contain the address of the outside interface.
Make sure you only have one IP address available from your ISP.
If you look at your IP/subnet mask pair you might have more than one available.
__________________
Check out my music at
www.chodan.com
Rural Development in Eastern Ky.
www.centertech.com
"It is our decisions that show us what we truly are in life, not our abilities."
Last edited by chodan on 07-09-02 at 11:30 AM
07-09-02 11:26 AM

beenframed
Yes, you will need to secure yourself another free valid public IP address. Check your subnet mask; my experience with ISPs is that corporate accounts have always gotten a block of 6 usable IPs without asking. But if I needed more I had to plead my case with the ISP. The only time I've seen them dish out a /30 to a corporate account was if the line was a point-to-point link.
Anyways once you have that usable address your config will look like this:
global (outside) 1 xxx.xxx.xxx.xxx(usable IP)
nat (inside) 1 10.1.0.0 255.255.255.0 0 0
(this is your private internal network that you want natted to the global address.)
-bf
__________________
BeenFramed
07-09-02 03:28 PM

chodan
Verizon hands out "in our area anyway" /30s for business DSL customers.
I'm not sure what kind of service zaza230 has, though.
But for leased lines you are right.
07-09-02 03:33 PM

cahillrobert
pat on outside interface
Gents,
By no means am I a PIX expert, needing to refer to notes; is the following functional?
-------------------
ip address ( outside ) ooo.ooo.ooo.ooo subnet
ip address ( inside ) iii.iii.iii.iii subnet
route ( outside ) 0 0 ooo.ooo.ooo.ooo
global (outside) 1 interface
nat (inside) 1 <internal ip address ranges>
the translation will be the outside interface with the port number # >= 1024
--------------------
The method described by chodan and beenframed of extending the IP addresses with a /30 is preferable and normal. All I want to confirm for my own sake is whether the above will function if the ISP is unreasonable.
-Bob
__________________
Nothing in this world can take the place of persistence. Talent will not; nothing is more common than unsuccessful people with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts. Persistence and determination alone are omnipotent. The slogan “Press On” has solved and always will solve the problems of the human race.
—Calvin Coolidge
07-10-02 12:10 AM

MadChef
Re: pat on outside interface
quote: Originally posted by cahillrobert
Gents,
By no means am I a PIX expert, needing to refer to notes; is the following functional?
global (outside) 1 interface
This is reasonable when using Pix code from 6.0 on. PAT using the interface address is not supported on earlier code.
MadChef
07-10-02 09:54 AM

subnet__zero
Not one to disagree with the Chef normally, but it appears from the following URL that using the outside interface as the PAT address is available in 5.2. Go to the DHCPD link and then scroll down to the "examples" part and you will see the command listed there.
http://www.cisco.com/univercd/cc/td...m#xtocid1604925
I see in the URL that it's "pix_v52", and in going to previous pages it still appears that it's ver 5.2.
HTH
07-10-02 01:46 PM

MadChef
quote: Originally posted by subnet__zero
Not one to disagree with the Chef normally
Well, perhaps you should. The first time I can remember that is with 6.0, but maybe I'm confusing it with the ability to do port redirection as well. Maybe I should have just said "recent" code. I'm actually a little surprised that it goes all the way back to 5.2. Thanks for the heads up.
MadChef
07-10-02 09:10 PM

dumbut
quote: goes all the way back to 5.2. Thanks for the heads up
I guess 5.2 isn't too bad, that's why they test you in security lab 
07-11-02 03:41 AM
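
Added example, not part of any post in the thread: a small Python check for the overlap chodan describes. It reads a PIX-style config, lists the spare addresses in the outside subnet, and flags any global pool that contains the outside interface address. The sample config and the function name audit_outside_nat are constructed for illustration (192.0.2.0/24 documentation addresses); whether "global (outside) 1 interface" is accepted depends on the PIX software version, as discussed above.

```python
import ipaddress

# Constructed sample config (documentation addresses, not taken from the thread).
SAMPLE_CONFIG = """\
ip address outside 192.0.2.2 255.255.255.252
ip address inside 10.1.0.1 255.255.255.0
global (outside) 1 192.0.2.2
nat (inside) 1 10.1.0.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def audit_outside_nat(config):
    """Return (spare_addresses, findings) for the outside interface of a PIX-style config."""
    outside = gateway = None
    pools = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "outside"] and len(tok) >= 5:
            outside = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:2] == ["route", "outside"] and len(tok) >= 5:
            gateway = ipaddress.ip_address(tok[4])  # next hop toward the ISP
        elif tok[:2] == ["global", "(outside)"] and len(tok) >= 4:
            pools.append((tok[2], tok[3]))  # (nat_id, address | range | "interface")
    if outside is None:
        raise ValueError("no 'ip address outside' line found")
    # Hosts in the outside subnet not already used by the PIX itself or the next hop.
    spare = [h for h in outside.network.hosts() if h not in (outside.ip, gateway)]
    findings = []
    for nat_id, target in pools:
        if target == "interface":
            continue  # PAT on the interface address itself: no separate pool to overlap
        first, _, last = target.partition("-")
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last or first)
        if lo <= outside.ip <= hi:
            fix = f"use {spare[0]}" if spare else f"use 'global (outside) {nat_id} interface'"
            findings.append(f"global {nat_id} {target} overlaps outside interface {outside.ip}; {fix}")
    return spare, findings

if __name__ == "__main__":
    print(audit_outside_nat(SAMPLE_CONFIG))
```

With the /30 in the sample there is no spare address, so the only suggestion left is PAT on the interface; with a /29 the check proposes the first free address instead.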