06-30-2008 09:46 PM - edited 03-11-2019 06:07 AM
I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the 192.168.3.0/24 subnet. "Behind" the router is a 192.168.1.0/24 subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure if the PIX will allow NAT to a non-connected subnet? I have a static route on the PIX for 192.168.1.0/24 pointing to the router. Any thoughts?
06-30-2008 11:58 PM
As long as
1) The public IP addresses are routed to the outside interface of the pix
2) The pix knows how to route to the internal 192.168.1.x/24 subnet
then yes this will work. The internal subnet does not need to be directly connected to the pix.
Jon
07-01-2008 03:18 AM
adding to Jon,
You also need to make sure that traffic between 192.168.1.0/24 and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.
07-01-2008 08:21 AM
Fantastic, thanks!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide