Cisco Support Community
New Member

Host on DMZ with Public IP - Advice Please.

I would be grateful if anyone can enlighten me with regards to placing a server with a public IP within a DMZ on a PIX.

I am relatively familiar with static translations, those mapping public IPs to internal hosts, but I have never had a host within a DMZ with a public IP.

I used the command:

static (dmz1,outside) netmask

combined with an ACL on the outside interface to allow connections in.

However, after doing this the server does not seem reachable. The DMZ interface IP is and I am scratching my head as to whether it is routing.

I was expecting the PIX to have the intelligence to know that the server was on the DMZ due to the static statement and just map straight to it - maybe I am wrong??

Is there anything else I need to add? Do I need to 'nat (dmz1) 0'?


Re: Host on DMZ with Public IP - Advice Please.

With the static you have in place, you're routing the IP, not translating it. Since the server has an IP of, you'll need a different translation.

static (dmz1,outside) netmask

HTH and please rate.

New Member

Re: Host on DMZ with Public IP - Advice Please.

So I am unclear here. Are you trying to static a public address to another public address?

In my experience, I would put the host on the DMZ network (say and then static to that (i.e. static (dmz1,outside) netmask ) then you could do nat (dmz1) 1

Hope this helps,


Re: Host on DMZ with Public IP - Advice Please.


You need to do something like Brandon suggested above. Firewall aside, you can't have a device on a subnet that's different from the gateway's (fw) subnet as they can't talk to each other. Hence, your server can't be on a public NET while the DMZ subnet, the server physically resides on, is on a private NET as it would break IP communication between the firewall and the server.
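The two kinds of static discussed in this thread, side by side, as an added example that is not part of any poster's reply. The thread's addresses were not preserved, so every address below is constructed (RFC 5737 and RFC 1918 ranges), the ACL name `outside_in` and the web port are assumptions, and the syntax is that of PIX 6.x/7.x, where the outside ACL references the mapped (public) address.

```text
: Constructed addressing, not taken from the thread:
:   public address published for the server : 203.0.113.10
:   dmz1 interface address                  : 192.168.50.1 255.255.255.0
:   server's real address on the DMZ        : 192.168.50.10

: --- Identity static (public mapped to the same public address) ---
: Nothing is translated. The PIX expects 203.0.113.10 to be directly
: reachable on the dmz1 segment, which it is not while dmz1 is
: 192.168.50.0/24, so the server cannot be reached.
static (dmz1,outside) 203.0.113.10 203.0.113.10 netmask 255.255.255.255

: --- Translating static (public mapped to the private DMZ address) ---
: Remove the identity entry, then map the public address to the
: server's real address, which is in the same subnet as the dmz1 interface.
no static (dmz1,outside) 203.0.113.10 203.0.113.10 netmask 255.255.255.255
static (dmz1,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255

: Inbound permission on the outside interface. Permit only the service
: the server publishes (web assumed here) rather than all IP.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: Outbound translation for the remaining DMZ hosts (the "nat (dmz1) 1"
: suggestion), paired with a global on the outside interface.
nat (dmz1) 1 192.168.50.0 255.255.255.0
global (outside) 1 interface

: Clear stale translations after changing statics, then verify.
clear xlate
show static
show xlate
```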


