Cisco PIX 500 Series Configuration Manual page 336

Using Dynamic NAT and PAT
Figure 17-17
10.1.2.27
See the following commands for this example:
hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
hostname(config)# nat (inside) 2 192.168.1.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10
hostname(config)# global (outside) 2 209.165.201.11
You can enter multiple global commands for one interface using the same NAT ID; the security
appliance uses the dynamic NAT global commands first, in the order they are in the configuration, and
then uses the PAT global commands in order. You might want to enter both a dynamic NAT global
command and a PAT global command if you need to use dynamic NAT for a particular application, but
want to have a backup PAT statement in case all the dynamic NAT addresses are depleted. Similarly, you
might enter two PAT statements if you need more than the approximately 64,000 PAT sessions that a
single PAT mapped statement supports (see
Cisco Security Appliance Command Line Configuration Guide
17-20
Different NAT IDs
Web Server:
www.cisco.com
Outside
Security
Appliance
Translation
209.165.201.3
Inside
10.1.2.27
192.168.1.14
Global 1: 209.165.201.3-
209.165.201.10
Global 2: 209.165.201.11
Translation
192.168.1.14 209.165.201.11:4567
NAT 1: 10.1.2.0/24
NAT 2: 192.168.1.0/24
Figure 17-18).
Chapter 17 Configuring NAT
OL-12172-03