static NAT, to non-connected subnet

Jun 30th, 2008
I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the subnet. "Behind" the router is a subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure if the PIX will allow NAT to a non-connected subnet? I have a static route on the PIX for pointing to the router. Any thoughts?

Jon Marshall Mon, 06/30/2008 - 23:58
As long as

1) The public IP addresses are routed to the outside interface of the PIX

2) The PIX knows how to route to the internal 192.168.1.x/24 subnet

then yes, this will work. The internal subnet does not need to be directly connected to the PIX.


Fernando_Meza Tue, 07/01/2008 - 03:18

Adding to Jon,

You also need to make sure that traffic between and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.