Advice on moving from NAT to PAT 1

[zephyran]

We will be losing our existing IP addresses (a few hundred) and getting back 32 (long story). We have a PIX firewall as our connection to the Internet, and are currently using NAT for our clients (about 70).

We're therefore planning on moving to PAT. We don't have any critical software that requires specific ports for communication. Are there any problems we should expect when shifting from NAT to PAT? For instance, will Windows Media Player streaming audio/video no longer work? Thanks all!

 

[yizhar]

HI.

You can expect problems with the following:

IPSec VPN tunnels established from the clients - these don't work behind PAT. No problem establishing a tunnel endpoint at the pix itself, or with STATIC mapping to a server behind the pix.

Some multimedia applications may have problems - I have never tested but keep asking around and make a pilot test if its important to you.

You can configure the pix to use PAT for a specific subnet and keep using NAT for the other, and make this way a pilot test before changing for everyone.

You can also use about 25 (the rest used by router, pix and static mappings) addresses for NAT after the change and only use PAT when this overflows. 70 clients will use the NAT most of the time.
See pix manuals at

http://www.cisco.com

for details.

Bye

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar