Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
0
Helpful
1
Replies

PIX v7.0.4 - NAT to address not on interface

rogernorton2
Level 1
Level 1

‎07-03-2007 05:24 AM - edited ‎03-11-2019 03:39 AM

I am working on a configuration where a static NAT is configured as follows (I have changed the ranges):

static(inside,outside) 10.0.0.2 192.168.1.2 netmask 255.255.255.255

interface ethernet0

nameif inside

ip address 192.168.1.1 255.255.255.0

interface ethernet1

nameif outside

ip address 192.168.2.1 255.255.255.0

In the above case the static is to an address not on any interface (but visible on the outside).

How does a PIX 7.x handle this from a security and routing perspective ?

Where is the 10.0.0.2 address bound to ?

The reason for the question is that I have a more complex scenario (6 interfaces with static & global combinations) and I am getting side effects when configuring NAT on other interfaces.

Thank you in advance for any assistance.

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎07-03-2007 06:44 AM

Hi

The pix will answer arp requests on the outside interface for the 10.0.0.2 address and depending on your acl allow traffic through and then NAT it to the 192.168.1.2 address.

As long as the 10.0.0.2 is routable to the outside interface of the pix there should be no problem.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card