Gil,
I'm sorry, but I disagree. The static mappings must come from the global
pool of ip addresses.
So, to answer the orginal question, "May I define a global pool addresses
that has already defined for static
global address?" Yes you can. Define the pool first, then create the
static mappings.
"What the effect for this configuration?" It will work!
"Is there any rule to making a global pool and PAT address?" Yes.
You enable the PAT feature by entering a single IP address with the global
command.
When using PAT with a pool of global addresses, first the addresses from the
global pool are used, then the next connection is taken from the PAT
address. If a global pool address frees, the next connection takes that
address. The global pool addresses always come first, before a PAT address
is used. Otherwise, the PAT address will continue to be used.
Also, don't forget to create your conduits, otherwise the static mappings
won't work.
Hope this helps.
Brent
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, August 23, 2000 3:17 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Global Pool addresses on PIX
Hi,
You can not do such a thing because you are assigning those addresses
twice and it cause conflicts.
Just imagine to path of the packet and the header of the packet how will it
the PIX know how to treat it ???
GIL
-----Original Message-----
From: Wibowo Nur Susetio [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 5:05 AM
To: '[EMAIL PROTECTED]'
Subject: Global Pool adrresses on PIX
Dear CISCO'ers
May I define a global pool addresses that has already defined for static
global address,
what the effect for this configuration. Is there any rule to making a global
pool and PAT address??
Please advise ...
global (outside) 1 209.165.201.101-209.165.201.110 netmask 255.255.255.240
static (dmz1,outside) 209.165.201. 101 192.168.1.15 netmask 255.255.255.255
0 0
static (dmz1,outside) 209.165.201. 102 192.168.1.16 netmask 255.255.255.255
0 0
static (dmz1,outside) 209.165.201. 105 192.168.1.10 netmask 255.255.255.255
0 0
static (dmz1,outside) 209.165.201. 110 192.168.1.11 netmask 255.255.255.255
0 0
access-list acl_out permit tcp any host 209.165.201.101 eq smtp
access-list acl_out permit tcp any host 209.165.201.102 eq smtp
access-list acl_out permit tcp any host 209.165.201.105 eq www
access-list acl_out permit tcp any host 209.165.201.110 eq domain
access-group acl_out in interface outside
I looking forward to hearing from you all
Thank you
WNS
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
This email was scanned using ESPG @ PubliCom Haifa.
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
