

Dynamic Address Translation

Posted on 2005-05-16
Last Modified: 2010-04-09
In a PIX 515E I have this command:

pixfirewall(config)# global (outside) 1 netmask

To my understanding the above statement displays my public address as a public IP address pool. Why would I need this and what are the benefits of this? My goal is this:

[S0/0] Internet Gateway Router [e0/0] ->  [outside] PIX 515E [inside] -> [] Catalyst Switch -> out to the user network

Server example:
Mail Server
Public IP:
Private IP:

Now, I don't see how that global (outside) command will benefit me or any purpose in my network?
Question by:Pentrix2

Accepted Solution

lrmoore earned 2000 total points
When you set a global range, whenever any internal host goes to an external host, then there must be a translation from the internal to a global. Using a range, each internal host gets an independent external global from the pool, until the pool is used up. Basically only 50 of your internal hosts will be able to get out.

For your mail server, you want to set up a static NAT translation. Since your selected public IP is also within the pool range, you must exclude that IP from the pool, for example:

global (outside) 1 netmask

== the following creates a PAT "overload" so that you can service many many more clients than you have pool addresses
global (outside) 1

== assuming that you have something like this:
nat (inside) 1 0

== add a static for your mail server
static (inside,outside) netmask

== now you need to add access-list rules, and apply it to the outside interface
access-list outside_in permit tcp any host eq smtp
access-group outside_in in interface outside

>I don't see how that global (outside) command will benefit me or any purpose in my network?
It is absolutely vital to your internal hosts to communicate on the Internet.
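An added example, not part of the original answer or Cisco's code: a small Python model of the translation behaviour described above (dynamic pool first, PAT overload once the pool is used up, the static's global address kept out of the pool). All addresses are constructed from documentation ranges, the class and function names are hypothetical, and PAT is simplified to one port per inside host.

```python
import ipaddress

class Translator:
    """Toy model of dynamic NAT: pool first, then PAT overload, statics reserved."""

    def __init__(self, pool_start, pool_end, statics=None, pat_ip=None):
        self.statics = dict(statics or {})      # inside IP -> fixed global IP
        reserved = set(self.statics.values())
        if pat_ip:
            reserved.add(pat_ip)
        lo = int(ipaddress.ip_address(pool_start))
        hi = int(ipaddress.ip_address(pool_end))
        # A global claimed by a static (or by PAT) must not be handed out dynamically.
        self.free = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)
                     if str(ipaddress.ip_address(n)) not in reserved]
        self.pat_ip = pat_ip
        self.xlate = {}                         # inside IP -> (global IP, port or None)
        self.next_port = 1024

    def outbound(self, inside_ip):
        """Return the (global IP, port) used for this host, or None if none is left."""
        if inside_ip in self.statics:           # static: always the same global
            return (self.statics[inside_ip], None)
        if inside_ip in self.xlate:             # existing translation slot is reused
            return self.xlate[inside_ip]
        if self.free:                           # one-to-one address from the pool
            slot = (self.free.pop(0), None)
        elif self.pat_ip:                       # pool used up: share one address via ports
            slot = (self.pat_ip, self.next_port)
            self.next_port += 1
        else:                                   # pool used up and no PAT: host cannot get out
            return None
        self.xlate[inside_ip] = slot
        return slot

def demo(pat_ip=None):
    """60 constructed inside hosts against a constructed 50-address pool."""
    mail = {"10.0.0.200": "192.0.2.25"}         # constructed mail server static
    t = Translator("192.0.2.10", "192.0.2.59", mail, pat_ip)
    return t, [t.outbound(f"10.0.0.{i}") for i in range(1, 61)]

if __name__ == "__main__":
    for pat in (None, "192.0.2.60"):
        _, res = demo(pat)
        print("PAT:", pat, "| hosts with no translation:", res.count(None))
```
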
