开发者

Cisco pix command - whats this command mean?

Anyone know what the following means? I have these two lines in our cisco PIX configuration file but have no references to these IP'开发者_Go百科s anywhere else in the config and cant find a device on the network with them.

global (inet) 10 213.228.xxx.xx

global (inet) 20 213.228.xxx.xx

thanks, Jason

(BTW: I've xxx'ed out the remainder of the ip for security :-0 )


The global and nat commands are used to define NAT pools for dynamic NAT. In this instance if you had a command like:

nat (inside) 10 192.168.100.0 255.255.255.0

Then all traffic from the network would be translated to whatever address is specified in the command:

global (inet) 10 213.228.xxx.xx

Looking at what you posted, it looks like your implementation has 2 different outgoing addresses based on what subnet the traffic comes from.


You are applying a global NAT(PAT) or better yet Dynamic NAT 213.228.x.x '10' to the specified interface id

So inet is the interface traffic is NAT'd against. And by specifying the following you are saying all from (inside) 10.x.x.x going out (inet) will be NAT'd to 213.228.x.x as per policy '10'.

global (inet) 10 x.x.x.x
global (inet) 20 x.x.x.x

nat (inside) 10 192.168.100.x
nat (inside) 20 192.168.101.x

Hope that helps

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜