Quick note. The second command will only allow 50 NAT translations at a time. Once 50 are full, then everyone else gets denied. If you were to combine the 2 statements into:
Global (outside) 1 192.168.1.1-192.168.1.49 netmask 255.255.255.0 Global (outside) 1 192.168.1.50 netmask 255.255.255.0 Nat (inside) 1 0 0 This will cause the first 49 address's to get used for NAT, while the .50 will become an overflow, or overload/PAT address. The NAT will always be used before the PAT session is used as well. Thanks Larry -----Original Message----- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 9:27 AM To: [EMAIL PROTECTED] Subject: RE: NAT & PIX [7:38633] Yes, With the two commands NAT and GLOBAL, you can specify exactly what you need: global (outside) 1 192.168.1.200 netmask 255.255.255.255 This will translate the inside address(es) specified with the NAT command to ONE outside address. nat (inside) 1 0 0 This will translate all inside addresses to the address(es) specified with the GLOBAL command. If you want every pc on the inside network to translate to 1 public address (192.168.1.200) use these two commands: global (outside) 1 192.168.1.200 netmask 255.255.255.255 nat (inside) 1 0 0 If you want every pc on the inside network to translate to 1 out of 50 public addresses (192.168.1.201 thru 192.168.1.250) use these two commands: global (outside) 1 192.168.1.201-192.168.1.250 netmask 255.255.255.0 nat (inside) 1 0 0 Hth, Ole ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.RouterChief.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Need a Job? http://www.OleDrews.com/job ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 4:18 AM To: [EMAIL PROTECTED] Subject: NAT & PIX [7:38633] Hi I have a PIX firewall, and am using nat to let my clients access the internet, but now I need to connect about a 100 clients, bases in an wan of more than 50 places, all to the internet through the same ip address, so the question is, can I have some sort of a NAT list letting all the 100 ip addresses get on the net through the one public address ?? Best regards ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38651&t=38633 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]