Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
509
Views
0
Helpful
3
Replies

static NAT, to non-connected subnet

n.perry
Level 1
Level 1

‎06-30-2008 09:46 PM - edited ‎03-11-2019 06:07 AM

I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the 192.168.3.0/24 subnet. "Behind" the router is a 192.168.1.0/24 subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure if the PIX will allow NAT to a non-connected subnet? I have a static route on the PIX for 192.168.1.0/24 pointing to the router. Any thoughts?

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎06-30-2008 11:58 PM

As long as

1) The public IP addresses are routed to the outside interface of the pix

2) The pix knows how to route to the internal 192.168.1.x/24 subnet

then yes this will work. The internal subnet does not need to be directly connected to the pix.

Jon

0 Helpful

Fernando_Meza
Level 7
Level 7
In response to Jon Marshall

‎07-01-2008 03:18 AM

adding to Jon,

You also need to make sure that traffic between 192.168.1.0/24 and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.

0 Helpful

n.perry
Level 1
Level 1
In response to Jon Marshall

‎07-01-2008 08:21 AM

Fantastic, thanks!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card