static NAT, to non-connected subnet

Unanswered Question
Jun 30th, 2008

I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the 192.168.3.0/24 subnet. "Behind" the router is a 192.168.1.0/24 subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure whether the PIX will allow NAT to a non-connected subnet. I have a static route on the PIX for 192.168.1.0/24 pointing to the router. Any thoughts?

Jon Marshall Mon, 06/30/2008 - 23:58

As long as

1) The public IP addresses are routed to the outside interface of the PIX

2) The PIX knows how to route to the internal 192.168.1.x/24 subnet

then yes, this will work. The internal subnet does not need to be directly connected to the PIX.

Jon

Fernando_Meza Tue, 07/01/2008 - 03:18

Adding to Jon,

You also need to make sure that traffic between 192.168.1.0/24 and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.
