Global Nat

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Nat

L4 Transporter

How can you determnine what the global nat address is on a firewall?

4 REPLIES 4

L5 Sessionator

Hi Infotech,

The global address is probably your outside interface address if you have only one public ip. If you have configured multiple public ips, you address will depend on the way you have configured it for individual host or the range of addresses. There is no global (outside) command if you are referring to ASA's equivalent. You can also look at the session "show session all" and see which inside addresses are translated to outside ones. Hope this helps.

This was the result of my show session all

total configured hardware interfaces: 9

name                    id    speed/duplex/state        mac address
--------------------------------------------------------------------------------
ethernet1/1             16    1000/full/up              00:1b:17:c8:e8:10
ethernet1/2             17    1000/full/up              00:1b:17:c8:e8:11
ethernet1/3             18    100/full/up               00:1b:17:c8:e8:12
ae1                     48    [n/a]/[n/a]/up            00:1b:17:c8:e8:30
dedicated-ha1           5     unknown/unknown/unknown(unknown)00:1b:17:ff:f5:2d
dedicated-ha2           6     1000/full/down(unknown)   00:1b:17:c8:e8:06
vlan                    1     [n/a]/[n/a]/up            00:1b:17:c8:e8:01
loopback                3     [n/a]/[n/a]/up            00:1b:17:c8:e8:03
tunnel                  4     [n/a]/[n/a]/up            00:1b:17:c8:e8:04

aggregation groups: 1
ae1 members:
  ethernet1/1 ethernet1/2


total configured logical interfaces: 23

name                id    vsys zone             forwarding               tag    address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/3         18    1    Outside          vr:Secondary             0      66.94.196.107/28
ae1                 48    1                     vlan:Inside              0      N/A
ae1.11              256   1                     N/A                      11     N/A
ae1.300             257   1                     vlan:Wireless            300    N/A
ae1.999             258   1                     vlan:DR-DMZ              999    N/A
dedicated-ha1       5     1                     ha                       0      N/A
dedicated-ha2       6     1                     ha                       0      N/A
vlan                1     1                     N/A                      0      N/A
vlan.1              259   1    Inside           vr:Secondary             0      10.135.100.1/24
vlan.300            261   1    wireless         vr:Secondary             0      172.20.1.130/24
vlan.999            262   1    DR-DMZ           vr:Secondary             0      172.17.1.1/24
loopback            3     1                     N/A                      0      N/A
tunnel              4     1                     N/A                      0      N/A
tunnel.1            263   1    HergetVPNZone    vr:Secondary             0      172.250.12.1/24
tunnel.3            265   1    HergetVPNZone    vr:Secondary             0      172.250.13.1/24
tunnel.4            266   1    HergetVPNZone    vr:Secondary             0      172.250.14.1/24
tunnel.5            267   1    HergetVPNZone    vr:Secondary             0      172.250.15.1/24
tunnel.6            268   1    HergetVPNZone    vr:Secondary             0      172.250.16.1/24
tunnel.7            269   1    HergetVPNZone    vr:Secondary             0      172.250.7.2/24
tunnel.8            270   1    HergetVPNZone    vr:Secondary             0      172.250.8.2/24
tunnel.9            273   1    HergetVPNZone    vr:Secondary             0      172.250.9.2/24
tunnel.998          272   1                     N/A                      0      N/A
tunnel.999          271   1    GlobalProtect    vr:Secondary             0      172.25.1.44/24

Could you please check the command one more time. It seems like you have typed "show interface all". Command to view existing session going through the firewall is "show session all". Thanks

yes I entered show session all into a putty session that I had to the PA 3020 that I am working on

  • 1823 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!