nat for pool

Hello

I can't find a solution for the situation where I want to NAT only addresses from 192.168.1.50 to 192.168.1.254 from the inside network. I studied the PIX 6.0 guide and did not find that I can use a range in 'nat'. In global I have one address, so I have PAT.

Reply to
voytas

Some solutions:

1) apply an access-group against the inside interface preventing traffic from .0-.49 and .255 from going out to anywhere; then just nat the entire subnet.

2) apply a different kind of nat with a higher priority to .0-.49 and .255, and then just nat the entire subnet. For example you could nat 0 access-list .0-.49 and .255, letting them through without address change. Because nothing outside is going to route packets back to those non-routable addresses, traffic might go out [without using your PAT] but you wouldn't get return traffic.

Note: this method would be considered to conflict with RFC1918 (which defines the private address ranges), as that RFC makes you responsible for not allowing your privately addressed packets to leak out.

3)
nat (inside) 1 192.168.1.50 255.255.255.254
nat (inside) 1 192.168.1.52 255.255.255.252
nat (inside) 1 192.168.1.56 255.255.255.248
nat (inside) 1 192.168.1.64 255.255.255.192
nat (inside) 1 192.168.1.128 255.255.255.192
nat (inside) 1 192.168.1.192 255.255.255.224
nat (inside) 1 192.168.1.224 255.255.255.240
nat (inside) 1 192.168.1.240 255.255.255.248
nat (inside) 1 192.168.1.248 255.255.255.252
nat (inside) 1 192.168.1.252 255.255.255.254
nat (inside) 1 192.168.1.254 255.255.255.255
global (outside) 1 interface
Reply to
Walter Roberson
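
Option 3 generalized, as an added example that is not part of the original posts: a Python sketch that splits any inclusive address range into aligned network/mask blocks, prints one 'nat' line per block, and checks a hand-written list for misaligned pairs, overlaps, gaps and addresses outside the range. The function names range_to_nat and check_nat_lines are hypothetical, and the line layout assumes the 'nat (interface) id address mask' form used in the thread.

```python
import ipaddress

def range_to_nat(first, last, nat_id=1, ifname="inside"):
    """Return one 'nat' line per aligned block covering first..last inclusive."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [f"nat ({ifname}) {nat_id} {b.network_address} {b.netmask}"
            for b in ipaddress.summarize_address_range(lo, hi)]

def check_nat_lines(lines, first, last):
    """Return a list of problems found in 'nat (if) id addr mask' lines."""
    wanted = set(range(int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last)) + 1))
    covered, problems = set(), []
    for line in lines:
        addr, mask = line.split()[3:5]
        try:
            # strict parsing rejects an address with host bits set for its mask
            net = ipaddress.IPv4Network(f"{addr}/{mask}")
        except ValueError:
            problems.append(f"misaligned: {addr} {mask}")
            continue
        block = set(range(int(net.network_address),
                          int(net.broadcast_address) + 1))
        if covered & block:
            problems.append(f"overlap: {addr} {mask}")
        covered |= block
    for label, addrs in (("not translated", wanted - covered),
                         ("translated but outside range", covered - wanted)):
        if addrs:
            lo, hi = min(addrs), max(addrs)
            problems.append(f"{label}: {len(addrs)} address(es) between "
                            f"{ipaddress.IPv4Address(lo)} and {ipaddress.IPv4Address(hi)}")
    return problems

if __name__ == "__main__":
    lines = range_to_nat("192.168.1.50", "192.168.1.254")
    print("\n".join(lines))
    print("global (outside) 1 interface")
    print(check_nat_lines(lines, "192.168.1.50", "192.168.1.254") or "coverage OK")
    # Constructed bad input: .50 is not a valid start for a 4-address block
    print(check_nat_lines(["nat (inside) 1 192.168.1.50 255.255.255.252"],
                          "192.168.1.50", "192.168.1.53"))
```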
