Nat in PIX

Unanswered Question
Feb 19th, 2009

global (outside) 10 netmask

nat (inside) 10

This is the Configuration of PIX. My question is, If any traffic is comming from outside, on which IP it will translated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
JamesLuther Thu, 02/19/2009 - 02:08


Traffic from the outside to inside won't be translated.

The above configuration will translate traffic coming from the inside network behind the outside IP

jholding09 Thu, 02/19/2009 - 05:26

Is there ever an instance where Outside traffic would get translated going into a firewall etc?

Jon Marshall Thu, 02/19/2009 - 05:50

Yes, if you set up a static translation rather than a dynamic translation ie.

static (inside,outside) netmask

if the internal host connects to a server on the outside the source address is translated to

If an external PC tries to connect to it will be translated by the pix to

Static translations allow traffic to be initiated from both directions.


Jon Marshall Thu, 02/19/2009 - 02:19


James is correct in what he says. More specifically any traffic that is initiated from the outside will not be translated with the above configuration.

Traffic that is part of a connection that was initiated from the inside will be translated back to the original address.

So if you go to a web page on the internet from then as the traffic goes through the pix the source IP address will be translated to When the web server sends a packet back the destination address is When it arrives at the pix the firewall then translates the destination IP address back to


Rupesh Kashyap Thu, 02/19/2009 - 19:38

It means, I am taking Example of Router, then any traffic initiated from Outside will not be natted with below command.

"ip nat inside source list 15 interface Serial0/1/0:0 overload"


This Discussion