PIX v7.0.4 - NAT to address not on interface

Unanswered Question
Jul 3rd, 2007

I am working on a configuration where a static NAT is configured as follows (I have changed the ranges):

static(inside,outside) netmask

interface ethernet0

nameif inside

ip address

interface ethernet1

nameif outside

ip address

In the above case the static is to an address not on any interface (but visible on the outside).

How does a PIX 7.x handle this from a security and routing perspective ?

Where is the address bound to ?

The reason for the question is that I have a more complex scenario (6 interfaces with static & global combinations) and I am getting side effects when configuring NAT on other interfaces.

Thank you in advance for any assistance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 07/03/2007 - 06:44


The pix will answer arp requests on the outside interface for the address and depending on your acl allow traffic through and then NAT it to the address.

As long as the is routable to the outside interface of the pix there should be no problem.




This Discussion