Cisco pix command - whats this command mean?

StackOverflow https://stackoverflow.com/questions/2698765

  •  01-10-2019
  •  | 
  •  

Question

Anyone know what the following means? I have these two lines in our cisco PIX configuration file but have no references to these IP's anywhere else in the config and cant find a device on the network with them.

global (inet) 10 213.228.xxx.xx

global (inet) 20 213.228.xxx.xx

thanks, Jason

(BTW: I've xxx'ed out the remainder of the ip for security :-0 )

Was it helpful?

Solution

The global and nat commands are used to define NAT pools for dynamic NAT. In this instance if you had a command like:

nat (inside) 10 192.168.100.0 255.255.255.0

Then all traffic from the network would be translated to whatever address is specified in the command:

global (inet) 10 213.228.xxx.xx

Looking at what you posted, it looks like your implementation has 2 different outgoing addresses based on what subnet the traffic comes from.

OTHER TIPS

You are applying a global NAT(PAT) or better yet Dynamic NAT 213.228.x.x '10' to the specified interface id

So inet is the interface traffic is NAT'd against. And by specifying the following you are saying all from (inside) 10.x.x.x going out (inet) will be NAT'd to 213.228.x.x as per policy '10'.

global (inet) 10 x.x.x.x
global (inet) 20 x.x.x.x

nat (inside) 10 192.168.100.x
nat (inside) 20 192.168.101.x

Hope that helps

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top