Cisco Support Community

Passing internal MAC addresses through a PIX firewall?

Is it possible to pass a device's MAC address through a Cisco PIX firewall?

Here's my situation: We've just had new security camera digital video recorders installed. The DVRs are on our internal network, behind the firewall.

Campus Security (outside the firewall) need to access these DVRs.

I've set up a static IP mapping on the PIX, and ACLs. But apparently the CCTV software also needs to see the MAC address of the DVRs to identify them. As things stand, the software is only getting the MAC address of the firewall.

I've Googled and read the Cisco site, but haven't found anything that says this can be done.

Is it possible for the PIX to pass an internal device's MAC address to outside hosts?

It's a Cisco PIX 515E, running software version 7.2



Re: Passing internal MAC addresses through a PIX firewall?


You would need to run your PIX in transparent mode, i.e. the PIX acts as a layer bridge between 2 VLANs but you can still filter the traffic. Obviously this would have a huge knock-on effect if you are currently running in routed mode, but that is the only way I know of achieving what you want.

As a further point, your PIX device should support contexts, so you may be able to use a separate context for the transparent firewall. I have only used contexts on the FWSM v2.x code and you couldn't mix routed/transparent contexts on the same device, but I believe that restriction was removed with v3.x software on FWSM, which is equivalent to v7.x code on PIX.

