The weakness of port address translation, as mentioned in an earlier posting, is the single IP address shared by all internal users. It may look simple (only one public IP is used), but it bodes ill for restricted websites:
some websites only allow limited downloading per IP address, as a method of checking or limiting bandwidth.
Thus in my organization I have decided to mix PAT and NAT.
global (outside) 1 211.25.X.X-211.25.X.255 netmask 255.255.255.0
global (outside) 1 211.X.XI.1 netmask 255.255.255.0
The first rule tells the firewall to use NAT, translating according to the range until the global IP addresses are completely used.
The firewall then moves to the subsequent rule, i.e. PAT for all internal hosts using 211.X.XI.1.
One global IP address can be used for up to 65,536 port translations [i.e. a 16-bit field].
For example, when the command sho xlate is issued:
Global 211.X.X224 Local 10.101.35.53
Global 211.X.X139 Local 10.101.35.28
Global 211.X.X69 Local 10.101.73.42
Global 211.X.X122 Local 10.101.34.178
Global 211.X.X206 Local 10.101.81.102
Global 211.X.X186 Local 10.101.122.132
Global 211.X.X220 Local 10.101.34.103
Global 211.X.X218 Local 10.23.1.78
Global 211.X.X167 Local 10.101.24.68
Global 211.X.X235 Local 10.101.94.224
Global 211.X.X80 Local 10.101.30.18
Global 211.X.X193 Local 10.101.71.163
Global 211.X.X163 Local 10.101.24.249
Global 211.X.X236 Local 10.101.35.117
Global 211.X.X232 Local 10.101.57.48
Global 211.X.X136 Local 10.101.34.33
Global 211.X.X125 Local 10.101.41.136
Global 211.X.X189 Local 10.23.1.63
Global 211.X.X143 Local 10.101.128.75
Global 211.X.X174 Local 10.101.34.173
Global 211.X.X55 Local 10.24.1.202
Global 211.X.X225 Local 10.101.115.40
Global 211.X.X222 Local 10.101.73.66
PAT Global 211.X.X.XI.1(18507) Local 10.101.71.36(2162)
PAT Global 211.X.X.XI.1(19531) Local 10.101.124.79(2356)
PAT Global 211.X.X.XI.1(21323) Local 10.101.114.100(3476)
PAT Global 211.X.X.XI.1(21067) Local 10.105.1.213(2448)
PAT Global 211.X.X.XI.1(20811) Local 10.101.27.13(1909)
PAT Global 211.X.X.XI.1(20555) Local 10.101.158.55(2912)
PAT Global 211.X.X.XI.1(21579) Local 10.101.60.177(50516)
PAT Global 211.X.X.XI.1(5196) Local 10.101.28.39(2276)
PAT Global 211.X.X.XI.1(11852) Local 10.105.1.170(1111)
PAT Global 211.X.X.XI.1(20044) Local 10.101.38.101(1802)
PAT Global 211.X.X.XI.1(19532) Local 10.101.124.79(2357)
PAT Global 211.X.X.XI.1(21324) Local 10.101.60.100(1083)
PAT Global 211.X.X.XI.1(21068) Local 10.101.34.70(1949)
PAT Global 211.X.X.XI.1(20812) Local 10.101.27.13(1910)
PAT Global 211.X.X.XI.1(21580) Local 10.101.60.177(50518)
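An added example, not from the original post: a small Python parser for a listing in the layout above. It separates NAT slots from PAT slots and maps an outside address (plus port, for PAT) back to the inside host, which is what log attribution needs once many hosts share the one PAT address. The sample lines (documentation addresses) and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the listing above
# (documentation addresses, not values from the post).
SAMPLE = """\
Global 203.0.113.224 Local 10.101.35.53
Global 203.0.113.139 Local 10.101.35.28
PAT Global 198.51.100.1(18507) Local 10.101.71.36(2162)
PAT Global 198.51.100.1(19531) Local 10.101.124.79(2356)
PAT Global 198.51.100.1(19532) Local 10.101.124.79(2357)
"""

# Addresses are matched as opaque tokens so redacted values still parse.
LINE = re.compile(
    r"^(?P<pat>PAT\s+)?Global\s+(?P<g>[^\s(]+)(?:\((?P<gp>\d+)\))?"
    r"\s+Local\s+(?P<l>[^\s(]+)(?:\((?P<lp>\d+)\))?\s*$")

def parse_xlate(text):
    """Return one dict per translation slot found in the listing."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banners and unrelated lines
        entries.append({
            "kind": "PAT" if m["pat"] else "NAT",
            "global": m["g"], "gport": int(m["gp"]) if m["gp"] else None,
            "local": m["l"], "lport": int(m["lp"]) if m["lp"] else None,
        })
    return entries

def attribute(entries, global_ip, global_port=None):
    """Map an outside address (and port, for PAT) back to the inside host."""
    for e in entries:
        if e["global"] != global_ip:
            continue
        # A NAT slot is one-to-one; a PAT slot is only unique with its port.
        if e["kind"] == "NAT" or e["gport"] == global_port:
            return e["local"], e["lport"]
    return None

def pat_slots_per_host(entries):
    """Count PAT slots per inside host (hosts that missed the NAT pool)."""
    return Counter(e["local"] for e in entries if e["kind"] == "PAT")
```

A PAT address without its port cannot be attributed to a single host, so `attribute` returns `None` in that case; external logs need the source port as well as the address.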
Thursday, August 30, 2007