static NAT, to non-connected subnet

Jun 30th, 2008

I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the 192.168.3.0/24 subnet. "Behind" the router is a 192.168.1.0/24 subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure if the PIX will allow NAT to a non-connected subnet? I have a static route on the PIX for 192.168.1.0/24 pointing to the router. Any thoughts?

Jon Marshall Mon, 06/30/2008 - 23:58
As long as


1) The public IP addresses are routed to the outside interface of the PIX

2) The PIX knows how to route to the internal 192.168.1.x/24 subnet


then yes this will work. The internal subnet does not need to be directly connected to the PIX.


Jon

Fernando_Meza Tue, 07/01/2008 - 03:18

Adding to Jon,


You also need to make sure that traffic between 192.168.1.0/24 and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.
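
The setup discussed in this thread, sketched as a PIX 7.0 configuration; this is an added example, not a configuration posted by any participant. Assumptions: 203.0.113.10 is a constructed public address, 192.168.1.10 a constructed internal host, 192.168.3.2 the router's address on the PIX inside segment, 192.168.3.1 the PIX inside interface, and the published service is TCP/80.

```text
! Route to the non-connected subnet via the inside router
! (the thread states this static route already exists; 192.168.3.2 is assumed)
route inside 192.168.1.0 255.255.255.0 192.168.3.2 1

! One-to-one static NAT: public (mapped) address -> host behind the router
! 203.0.113.10 and 192.168.1.10 are constructed sample values
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

! Permit only the service being published, addressed to the mapped IP,
! instead of opening the whole host to the Internet
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

! Checks after applying:
!   show route   -> 192.168.1.0/24 via 192.168.3.2 on inside
!   show xlate   -> Global 203.0.113.10 Local 192.168.1.10
!
! On the router (assumed here to run Cisco IOS), return traffic needs a
! default route to the PIX inside interface:
!   ip route 0.0.0.0 0.0.0.0 192.168.3.1
```

The upstream provider must also route 203.0.113.10 to the PIX outside interface, and any filtering on the router has to allow the same flow that the PIX access list permits.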


