PIX506E without NAT (multiple public IPs)

Unanswered Question
Jun 5th, 2007


I've never configured a PIX506E without NAT but I'm planning on doing it for one of my customers (their PBX/VOiP server requires a no-Nat connection). They're going to have a T1 router route the addresses to the PIX, the PIX will have public addresses on both interfaces (outside/inside) and then I was planning on putting static routes to the other internal IPs via the inside interface. Will this work and if not, can you guys recommend a better way of accomplishing this? Any input will be greatly appreciated.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

It can work I think. Although are the other internal IPs going to be routed to another router/l3 switch? The PIX does not handle having multiple virtual IPs per interface very well (it requires using VLANs and dot1q trunking). Also when using public IPs behind a PIX you have to configure a static nat statement even so to ensure that it's handled correctly. Basically all traffic going through a pix either has to be NATed or explicitly indicated to be not NATed. for example:

static (inside,outside)

If you're not used to the PIX this type of command seems redundant, but it actually enables the PIX to pass the public IPs on the inside interface thru the device.


This Discussion