PIX ver 6.0 & Static address translation

Unanswered Question
Mar 27th, 2007

I have a PIX 515 that I am using to seperate trusted and non-trusted devices on my WAN/LAN. ( There is no internet connection) The outside I/F is used to connect 7 remote sites using IP network numbers between and The outside devices only access a server on the DMZ Until now no address translation was required. I now have to connect another network which I need to translate as it conflicts with addresses used on the inside i/f. The managed WAN provider will not NAT on the routers. I cannot use dynamic nat as I am going from a lower trust I/F to a higher trust I/F. Can I put in static command that looks something like

static (dmz,outside)

Will this only translate incoming packets from the networks and leave the alone or will it cause problems. The PIX is used pretty much 24 x 7 so i need to be pretty sure of the change before I implment it


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kamal Malhotra Wed, 03/28/2007 - 09:09


Better option would be :

static (outside,dmz) netmask

Please make sure that you permit the traffic from to in the outside ACL and if there is any ACL on the DMZ interface then you permit the traffic from to


Please rate if it helps,




This Discussion