Unanswered Question
Oct 15th, 2007
User Badges:


we have a problem to setup our pix.

Pix is set as folows:

Users in inside network (connected to inside interface) have addresses for example 192.168.30.x,192.168.31.x

Public address on pix (outside interface) are for example,

Now when someone want to access from outside interface ( - people from internet) to inside address ( - server) we have a statement: static (inside outside) netmask 0 0 which translate this traffic. That is ok.

But now we want that people from inside network 192.168.31.x that access public adress (so their destination address is will be returned to address

So what is statment or how to set up this on pix?

pix have only 2 interfaces - inside (priority 100) and outside (priority 0)

Thank you.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Mon, 10/15/2007 - 12:03
User Badges:
  • Green, 3000 points or more

Lobos, if I understand correctly, your inside users are trying to connect to which is an inside server by using its Nated Public address from outside , if this is true you are looking at DNS doctoring or hairpinning.


Public NAT address

Inside Local address

same-security-traffic permit intra-interface

static (inside,inside) netmask

global (inside) 1 interface

nat (inside) 1 0 0


This Discussion