Pix question

Unanswered Question
Mar 5th, 2009

If I have a pix 501, and I have both a nat 1 statement and a global 1 statement, but I also have a "static (inside,outside)" command, does this static statement make it do a No NAT situation, if my internal network of the pix is a network?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
adamclarkuk_2 Fri, 03/06/2009 - 05:06


It sounds like you are using an old code or have nat-control enabled where NAT must happen for traffic to traverse higher security interfaces to lower security interfaces. The static statement is doing NAT but is NAT'ing the source IP address to the same source IP address when traffic flows from inside to outside. If you look in the xlate table (show xlate), you will see entries for any of the flows matching that static statement.

Version 7 introduced the nat-control command so you could turn off the need for NAT.


brandon_leiker Thu, 03/12/2009 - 11:57

The PIX 501 supports Version 6.35 as the lastest version; it doesn't have the memory requiremetns to support the version 7 code.


This Discussion