From: Jake Secrist (jjsecrist@yahoo.com)
Date: Tue Apr 19 2005 - 23:09:45 GMT-3
Bill,
If my math is correct, you need these three networks:
nat (inside) 302 10.25.2.32 255.255.255.224
nat (inside) 302 10.25.2.64 255.255.255.192
nat (inside) 302 10.25.2.128 255.255.255.192
And if you are PATing to a single global address, don't you want to use a
single address in the global command and not a /24?
global (outside) 302 10.200.176.2 netmask 255.255.255.255
HTH,
Jake
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bill
Faber
Sent: Tuesday, April 19, 2005 9:48 PM
To: ccielab@groupstudy.com
Subject: PIX Nat help
Guys,
I need some assistance. We are implementing a URL blocker and I am trying to
put nat statements into the PIX to reflect the addresses we need to global
PAT.
I need to have 10.25.X.32 - 10.25.X.191 PAT to a single IP. Here is what I
tried using:
1>global (outside) 302 10.200.176.2 netmask 255.255.255.0
2>nat (inside) 302 10.25.2.32 255.255.255.128
3>nat (inside) 302 10.25.2.160 255.255.255.224
I get this warning message:
WARNING: IP address <10.25.2.32> and netmask <255.255.255.128> inconsistent
And the PIX inserts line two as 10.25.2.0 255.255.255.128.
I am need of some guidance. Any words of wisdom?
Bill
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:02 GMT-3