Thank you guys, i found some good explanation on cisco: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/mr.h tm#xtocid6
The nat 1 0 0 command means that all outbound connections can pass through the PIX Firewall with address translation. If you use the nat (inside) 1 0 0 command, users can start connections on any interface with a lower security level, on the both perimeter interfaces and the outside interface. With NAT in effect, you must also use the global command statement to provide a pool of addresses through which translated connections pass. In effect, you use the nat command statement to specify from which interface connections can originate and you use the global command statement to determine at which interface connections can occur. The NAT ID must be the same on the nat and global command statements -voitek., ----- Original Message ----- From: "Gaz" To: Sent: Monday, July 01, 2002 3:59 PM Subject: Re: need clarification on some PIX terms [7:47786] > Must admit I've not seen it without the (interface) option. Does the "nat 1 > 0 0" format equate to: > > nat (inside) 1 0 0 > and > nat (DMZ) 1 0 0 > > or just the inside interface? > Not got a Pix to try it on until tomorrow, or at least if I do I'll probably > lose the Pix I'm VPN'ing through :-) > > > Gaz > > > ""Peter zhang"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > what is the difference between > > nat (inside) 1 0 0 > > and > > nat 1 0 0 > > > > They are the same, nat all inside networks > > ############ > > > > I am completely lost when to use "netmask" when not. Some statements are > > required to have one some not. Is there any rule about it that or I just > > have to memorize all. > > example > > static (inside,outside) 200.1.1.1 10.1.1.1 -->> no netmask statement > > > > it will give you static translation with 32/bit mask > > ############### > > > > isakmp key mykey address 200.1.1.1 netmask 255.255.255.255 > > > > defaults to 32/bit mask of specified peer address if no mask defined > > > > ############## > > interface outside 200.200.200.10 255.255.255.0 -->> no netmask statement > > gobal (outside) 200.1.1-200.1.1.20 netmask 255.255.255.0 > > > > it will give a default mask depends on ip address class if no netmask > defined Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47911&t=47786 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
