Dynamic Address Translation

Posted on 2005-05-16
Last Modified: 2010-04-09
In a PIX 515E I have this command:

pixfirewall(config)# global (outside) 1 netmask

To my understanding the above statement displays my public address as a public IP address pool. Why would I need this and what are the benefits of this? My goal is this:

[S0/0] Internet Gateway Router [e0/0] ->  [outside] PIX 515E [inside] -> [] Catalyst Switch -> out to the user network

Server example:
Mail Server
Public IP:
Private IP:

Now, I don't see how that global (outside) command will benefit me or any purpose in my network?
Question by:Pentrix2

    Accepted Solution

    When you set a global range, whenever any internal host goes to an external host, then there must be a translation from the internal to a global. Using a range, each internal host gets an independent external global from the pool, until the pool is used up. Basically only 50 of your internal hosts will be able to get out.

    For your mail server, you want to set up a static NAT translation. Since your selected public IP is also within the pool range, you must exclude that IP from the pool, for example:

    global (outside) 1 netmask

    == the following creates a PAT "overload" so that you can service many many more clients than you have pool addresses
    global (outside) 1

    == assuming that you have something like this:
    nat (inside) 1 0

    == add a static for your mail server
    static (inside,outside) netmask

    == now you need to add access-list rules, and apply it to the outside interface
    access-list outside_in permit tcp any host eq smtp
    access-group outside_in in interface outside

    >I don't see how that global (outside) command will benefit me or any purpose in my network?
    It is absolutely vital for your internal hosts to communicate on the Internet.
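
The pool-exclusion point in the accepted answer, as an added example that is not part of the original post: a short Python check that reads PIX-style `global` and `static` lines, counts how many inside hosts the dynamic pool can serve, and flags a static mapped address that falls inside a pool range. All addresses are constructed RFC 5737 / RFC 1918 placeholders, and the `static (inside,outside) mapped_ip real_ip` argument order is assumed to follow PIX 6.x syntax.

```python
import ipaddress
import re

# Constructed PIX 6.x-style config; every address is an RFC 5737 / RFC 1918
# placeholder, not a value from the original post.
SAMPLE_CONFIG = """\
global (outside) 1 192.0.2.10-192.0.2.59 netmask 255.255.255.0
global (outside) 1 192.0.2.60
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.0.2.25 10.0.0.25 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.25 eq smtp
access-group outside_in in interface outside
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ([\d.]+)(?:-([\d.]+))?(?: netmask \S+)?$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) ([\d.]+) ([\d.]+)")


def audit(config):
    """Return (pools, pat_addrs, conflicts) for a PIX-style config string."""
    pools, pat_addrs, statics = [], [], []
    for line in map(str.strip, config.splitlines()):
        if m := GLOBAL_RE.match(line):
            first = ipaddress.ip_address(m.group(3))
            if m.group(4):  # range: dynamic NAT pool, one address per host
                pools.append((first, ipaddress.ip_address(m.group(4))))
            else:           # single address: PAT, many hosts share it
                pat_addrs.append(first)
        elif m := STATIC_RE.match(line):
            # Assumed order: static (real_if,mapped_if) mapped_ip real_ip
            statics.append(ipaddress.ip_address(m.group(3)))
    conflicts = [
        (str(ip), f"{lo}-{hi}")
        for ip in statics for lo, hi in pools if lo <= ip <= hi
    ]
    return pools, pat_addrs, conflicts


def pool_capacity(pools):
    """Number of inside hosts that can hold a one-to-one translation at once."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in pools)


if __name__ == "__main__":
    pools, pat, conflicts = audit(SAMPLE_CONFIG)
    print("dynamic pool capacity:", pool_capacity(pools))
    print("PAT addresses:", [str(a) for a in pat])
    for ip, rng in conflicts:
        print(f"static {ip} overlaps global pool {rng}")
```

On the sample, the pool holds 50 one-to-one translations, the single-address `global` is the PAT fallback, and the mail server's static address is reported as overlapping the pool until the range is changed to leave it out.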
