"secondary" PIX NAT/PAT pools

All the configuration examples I've been able to find for PIXes show NAT and PAT address pools being taken from the address range on the outside interface of the PIX. Is there any way to map inside addresses to a separate pool of addresses which could be routed to the PIX?

Background: we have an FWSM running PIX OS 3.1(x) and until recently we were exclusively using identity NAT (no translation) with a /29 on the outside interface. We now need to start doing NAT for a significant number of addresses. We have enough public addresses available to provide a large pool of outside addresses, say a /23, but I can't see a way to use them without readdressing the outside network and a corresponding break in service while I do it.

Any ideas?

Sam

Sam Wilson

Yes, of course. Just route the IP-Pool to the outside interfaces. It will work.

Lutz Donnerhacke

I thought it must be possible but I can't find an example - can you give me one?

Sam

Sam Wilson

pix(conf)# global (outside) 1 256.75.12.10-256.75.12.30
router(conf)# ip route 256.75.12.0 255.255.255.224 pix.ip.add.ress

Lutz Donnerhacke
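
An added example, not part of the posts in this thread: a small Python check that the static route on the upstream router covers the whole PIX global pool and points at the PIX outside address, which is what the two commands above rely on. The sample lines are constructed from documentation address ranges, and the /29 outside interface and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample input modelled on the two commands in the post above.
# Addresses come from documentation ranges; the /29 outside interface is assumed.
PIX_GLOBAL = "global (outside) 1 192.0.2.10-192.0.2.30"
ROUTER_ROUTE = "ip route 192.0.2.0 255.255.255.224 198.51.100.2"
PIX_OUTSIDE = "198.51.100.2 255.255.255.248"


def parse_global(line):
    """Return (first, last) address of a PIX 'global' pool line."""
    m = re.fullmatch(r"global \(\S+\) \d+ ([\d.]+)(?:-([\d.]+))?", line.strip())
    if not m:
        raise ValueError(f"not a global pool line: {line!r}")
    first = ipaddress.IPv4Address(m.group(1))
    last = ipaddress.IPv4Address(m.group(2) or m.group(1))
    if last < first:
        raise ValueError("pool end is below pool start")
    return first, last


def parse_route(line):
    """Return (prefix, next_hop) of an IOS 'ip route' line."""
    m = re.fullmatch(r"ip route ([\d.]+) ([\d.]+) ([\d.]+)", line.strip())
    if not m:
        raise ValueError(f"not a static route line: {line!r}")
    # Strict parsing rejects a prefix that has host bits set.
    prefix = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}")
    return prefix, ipaddress.IPv4Address(m.group(3))


def check_pool(global_line, route_line, outside_if):
    """List the reasons return traffic for the pool would not reach the PIX."""
    first, last = parse_global(global_line)
    prefix, next_hop = parse_route(route_line)
    iface = ipaddress.IPv4Interface("/".join(outside_if.split()))
    problems = []
    # Pool and prefix are both contiguous, so checking the two ends is enough.
    missing = [a for a in (first, last) if a not in prefix]
    if missing:
        problems.append(f"route {prefix} does not cover pool address {missing[0]}")
    if next_hop != iface.ip:
        problems.append(f"next hop {next_hop} is not the PIX outside address {iface.ip}")
    return problems


if __name__ == "__main__":
    print(check_pool(PIX_GLOBAL, ROUTER_ROUTE, PIX_OUTSIDE) or "pool is routed to the PIX")
```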

That simple!? Wow! Actually we use OSPF between the router and the PIX so I'll have to work out how to announce the pool addresses that way, won't I?

Sam

Sam Wilson

It's Finesse.

I wouldn't recommend any dynamic routing protocol on the PIX.

Lutz Donnerhacke
