Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

NAT problem

I have a PIX525 running 8.0(3) with 256MB RAM & running Restricted License.

When i use OUTSIDE Interface NAT the NATing works fine.

But when i user any other Global IP for NATing it's not working.

Pl. help.


Re: NAT problem

It depends on the way which you configure the PIX.

Community Member

Re: NAT problem

Well it's configured preety simple.

There is a NAT statement for my private IP's

Nat(inside) 1

& global(outside) 1 interface

It works well on this.

But for the following config it's not working.

Nat(inside) 2

global(outside) 2

There's ACL for permitting from INSIDE to OUTSIDE.

permit ip any

permit ip any.

Re: NAT problem

you should do "clear xlate local" "clear local-host"

after that.

Re: NAT problem


Not sure what are you trying to achieve, but i a better setup will be:

Nat(inside) 1

Global(outside) 1 interface

Static (inside,outside) netmask

This will ensure will be NATed to while all the other 10.x.x.x addresses will be NATed to the outside interface IP.

Furthermore, now the can be accessed from the Internet if it is a servers and if your Access-list allows it.

Please rate if this helped.



Community Member

Re: NAT problem

what I want is from certain subnet and from certain hosts I should be able to use a different global ip. This is for all outbound traffic only.

I even tried with (debug icmp trace) when I config diff global for nat the request comes on pix, it shows translating but no reply from the host located on the outside interface.

But when the outside interface is used for global i get a reply from the outside host.

Can u pl help.

Community Member

Re: NAT problem

I had a simular issue, it ended up being the default gateway of my client system not being setup properly. Check the default gateway of the client, it should be the outside ip address.

CreatePlease to create content