Which came first? NAT or PAT

[snailworks]

We have a block of 16 available IP addresses set aside for NAT thru our PIX 515 for 25 workstations. After a while, we experience a situation where users can no longer get to the net - the thought was that the NAT pool was choking. Even with the last IP rolling to PAT, we still experienced the same problem.
We have installed a DSL as a low-cost backup to our T1 Internet in the event of a short-term loss.
The new thought is to use that DSL for our PAT. Any thoughts on this, and - it there a difference on the order (PAT then NAT or NAT then PAT)?

 

[yizhar]

HI.

Post here your config, or at least the global statements.
The order matters. When using NAT/PAT combination, the PAT address should be the lowest, for example this is OK:
global x.x.x.1
global x.x.x.2-x.x.x.10

And this is not:
global x.x.x.10
global x.x.x.2-x.x.x.9

Because the pix starts using addresses from high to low.

But the best way is to use PAT only with an address different then the pix own ip, and reserve the remianing addresses for future use when needed.
This avoids the problem you mentioned and is much easier to manage and troubleshoot.

> We have installed a DSL as a low-cost backup to our T1 Internet in the event of a short-term loss ..
The pix can have only a single default gateway, so I don't know how exactly are you planning to do it.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar