Identity NAT on PIX -- help needed

Unanswered Question
Dec 8th, 2007
User Badges:
  • Cisco Employee,

I have read through the documents on Identity NAT but few things are not clear to me. Consider the following network setup and the requirement.

PC1 ----[Inside]-PIX--[Dmz]---PC2

PC1 -

Inside -


PC2 --


PC2 has to retain the same IP address when it is communicating with inside network.

So configured following NAT

Static (dmz, inside) netmask

However, when I configure following statements the traffic flows as expected

Static ( inside, dmz)

Static ( inside,dmz)

Static (dmz,inside)


Can someone explain the identity NAT concept in the above scenario and the correct configuration statement?

Thanks in advance for your time


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Sat, 12/08/2007 - 20:32
User Badges:
  • Blue, 1500 points or more

can you first answer a couple questions about your setup please?

1. what version of PIX OS?

2. if version is 7.x or later, is nat-control enabled

3. what is the security-level of the dmz interface?

padramas Sat, 12/08/2007 - 20:39
User Badges:
  • Cisco Employee,

1- 7.2.2

2- Nat control is enabled

3- Inside 100, DMZ 50

Please let me know if you need any further information or not.


This Discussion