PIX 515e no nat for a single host

Unanswered Question
Sep 9th, 2010
User Badges:

I'm using a PIX 515e using two interfaces (inside / outside) with a block of public ipaddresses.  NAT is currently enabled but I need to add a single host with a public ip address and no nat.  The host does not work well using NAT.  Any suggestions?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
manish arora Thu, 09/09/2010 - 09:56
User Badges:
  • Silver, 250 points or more

umm , few options :-

1> subnet the address block further and add a static route for that subnet in the pix. for ex --

if you have /25 assigned by the isp which could be so subnet it as ( and get a /30 in from the end part of the remaining like and then point

or add a static route on the pix as ip route ( where is the next hop for that subnet where the host exist ).

2> place a L2 dumb switch inbetween pix and isp and have pix, isp and the host connect to that switch with a public ip address but this leaves your host without any firewall protection.

3> have you isp provide you with a small subnet routed to your pix external ip and then you can further route that subnet to internal next hops.

i hope that i am making any sense here



golly_wog Thu, 09/09/2010 - 14:27
User Badges:

A single address and no nat? Are you saying this host will use the same address on the inside as the outside?

If so static identity nat is your friend.


static (inside,outside)


This Discussion

Related Content