PIX 515E DMZ config

Mar 9th, 2007

If the PIX has its inside interface on its own subnet, uplinked to a 4503 switch (, and the workstations and servers are on different subnets (,, and using the switch as their default gateway, how do you set up the NATing to allow access to servers in the DMZ from the inside interface?

Do I set up separate NAT

hoogen_82 Sat, 03/10/2007 - 02:46

First thing is getting your route inside statements right.

route inside

route inside

The above statements are assuming that your switch IP is

Then I believe you must have already had nat (inside) 1 and nat (inside) 1 statements

global (dmz) 1 interface or else type the address you want it to translate it to.

That's all.



richmorrow624 Sat, 03/10/2007 - 04:40

I have all of this and I am still unable to ping the DMZ interface; there is no host machine on the DMZ at the moment.

Shouldn't I be able to ping the DMZ interface though?

kaachary Sat, 03/10/2007 - 04:46
User Badges:
  • Cisco Employee

Try this:

static (inside,dmz)

static (inside,dmz)

route inside

That should do it.

(Please rate if helped)
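
The two approaches suggested in the replies above, written out as one PIX configuration fragment. This is an added example, not part of the original thread: the thread's own addresses did not survive, so every address below is a constructed placeholder, and the identity form of the `static` lines is an assumption.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   10.1.1.2        4503 switch address on the PIX inside subnet (next hop)
!   10.1.10.0/24    workstation subnet routed by the switch
!   10.1.20.0/24    server subnet routed by the switch

! 1. Return path. The PIX is only directly connected to its own inside
!    subnet, so it needs a route to every subnet that sits behind the switch.
route inside 10.1.10.0 255.255.255.0 10.1.1.2 1
route inside 10.1.20.0 255.255.255.0 10.1.1.2 1

! 2a. Option A: dynamic translation toward the DMZ.
!     Each routed inside subnet needs its own nat statement, and NAT ID 1
!     needs a matching global on the dmz interface. Inside hosts then appear
!     in the DMZ as the PIX DMZ interface address (PAT).
nat (inside) 1 10.1.10.0 255.255.255.0
nat (inside) 1 10.1.20.0 255.255.255.0
global (dmz) 1 interface

! 2b. Option B: identity statics, so inside hosts keep their real addresses
!     in the DMZ and DMZ server logs show the true client. Use instead of 2a.
! static (inside,dmz) 10.1.10.0 10.1.10.0 netmask 255.255.255.0
! static (inside,dmz) 10.1.20.0 10.1.20.0 netmask 255.255.255.0

! 3. Verify from the PIX console after generating traffic from an inside host:
!      show route     (both inside subnets listed via 10.1.1.2)
!      show xlate     (a translation slot exists for the inside host)
```

Test against a host in the DMZ rather than the PIX's own DMZ interface address: the PIX does not answer pings sent to one of its interfaces from a host behind a different interface, so that test fails even when translation is correct.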


