I need some expert help on this issue. We currently have a setup where our pix 515e v7.2 handles out outbound/inbound internet traffic in addition to controlling access to our client's network setup via a p2p T1. The T1 internally terminates on a router with the inside router interface plugged into the DMZ of our PIX.
In order for us to access our clients network they required us to get registerred IP addresses from our ISP and assign then to the network comming into thier EBP router. The registerd IP network on the DMZ is differerent from the IP network assigned to the outside interface of the PIX.
We have 188.8.131.52 as our outside address - we are using PAT from the inside network to nat and pass traffic to the internet
on the DMZ we have 10.10.10.1 assigned to the DMZ interface. We need to be able to use a global pool of 10.10.10.58-10.10.10.86
The problem we have is that we need to be able to use both the PAT for internet, and the Global pool for access to the client from the inside network of 172.16.10.0/24. When we put this in the config our internet access no longer works. if we remove the nat pool then internet does work. If we put statics nats all works. But we cannot use static nats in our production config.
Also, if there is a subnet guru around what mask could I use to specify a range of 29 addresses starting from 10.10.10.58-10.10.10.86.
I am continueing to research how to accomplish this, but any help the guru's on this forum can provide would be GREATLY appreciated!
i think you'll have to post at least the nat, global and route parts of the config.Unless I'm misunderstanding you, could you not just do this:
nat (inside) 1 0 0
global (dmz) 1 10.10.10.58-10.10.10.86
global (outside) 1 interface
with the necessary routes.