
PIX 515 NAT Pool Advice

Status
Not open for further replies.

jrl237

IS-IT--Management
Jan 29, 2002
61
US
I have about 50 computers behind a PIX 515. We have about 30 NAT IP addresses shared by those 50 computers. A while back we had a problem where the first 30 users could connect to outside web resources, but anyone after that could not get out. Someone on this site told me how to set up the NAT pools so I had 29 available NAT addresses, and one shared address that I believe was PAT.

Everything worked fine after that.

I need to set it up again, and I don't remember exactly how it was done. Could someone explain to me how best to configure the pools to handle this situation?
 
PAT

nat (inside) 1 0 0 -or-
nat (inside) 1 10.1.1.0 255.255.255.0

global (outside) 1 interface -or-
global (outside) 1 12.34.56.78

"1" ties the statement set together.
The NAT statement suggests which internal IPs you want to translate. "0 0" means any (1st "0") with any subnet mask (2nd "0"). Or you can just specify the subnet and mask (i.e., 10.1.1.0 255.255.255.0).

GLOBAL specifies what you want to translate the IPs in the NAT statements to. "interface" means change them to the IP of the "outside" interface. Or you can specify an address if you are using a different IP.

Note, you can also use an access-list to get more specific:
access-list 8 permit ip host 10.1.1.2 any
access-list 8 permit ip host 10.1.1.3 any
access-list 8 permit ip host 10.1.1.7 any
access-list 8 permit ip host 10.1.1.15 any
nat (inside) 1 access-list 8
global (outside) 1 interface

here's some extra help



good luck

-gC-
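
The pool-plus-PAT arrangement described in the question (29 one-to-one addresses and one shared overflow address), shown as an added example that is not part of either post. The 192.0.2.x addresses and the netmask are constructed placeholders; nat_id 1 follows the answer above.

```cisco
: Added example, not from the thread. All 192.0.2.x values are placeholders.
:
: Before: a dynamic NAT pool only. Each inside host holds one whole
: global address, so once 30 hosts have translations nobody else gets out.
:   nat (inside) 1 0 0
:   global (outside) 1 192.0.2.1-192.0.2.30 netmask 255.255.255.0
:
: After: two global statements share the same nat_id. The range is
: handed out one-to-one first; when it is exhausted, the remaining
: hosts are port-translated (PAT) behind the single address.
nat (inside) 1 0 0
global (outside) 1 192.0.2.1-192.0.2.29 netmask 255.255.255.0
global (outside) 1 192.0.2.30 netmask 255.255.255.0
:
: Clear stale translations after changing nat/global, then confirm
: that later hosts appear as PAT entries on the shared address.
clear xlate
show xlate
```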
 
Thanks gC. I think you've answered my questions.

jrl
 