Help with "Global" command

Hi

I'm doing the following in my new DMZ:

nat (dmz2) 0 x.x.x.64 255.255.255.240 0 0

My question is do I need a "global" statement with the above nat?

My Take on the above is that I don't need one, however there is another dmz configured on the pix and that has disabled nat aswell, but has a "global" command attached to it. So I'm rather confused.

Any help would be appreciated Thanks Dan

Reply to
Dan_track
Loading thread data ...

The answer is no.

Usually a nat statement always goes with a global statement , the global being the address(es) used for NATing.

The exception is when you do a "nat (interface) 0 ". A nat 0 means that you don't want to NAT; so if you don't NAT, you don't need to define a global address pool .

I never tried to enter a global (interface) 0 statement , but if the PIX accept it , it would be useless.

Reply to
mcaissie

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.