Help with "Global" command


I'm doing the following in my new DMZ:

nat (dmz2) 0 x.x.x.64 0 0

My question is do I need a "global" statement with the above nat?

My Take on the above is that I don't need one, however there is another dmz configured on the pix and that has disabled nat aswell, but has a "global" command attached to it. So I'm rather confused.

Any help would be appreciated Thanks Dan

Reply to
Loading thread data ...

The answer is no.

Usually a nat statement always goes with a global statement , the global being the address(es) used for NATing.

The exception is when you do a "nat (interface) 0 ". A nat 0 means that you don't want to NAT; so if you don't NAT, you don't need to define a global address pool .

I never tried to enter a global (interface) 0 statement , but if the PIX accept it , it would be useless.

Reply to
mcaissie Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.