PIX access list issues

Hi guys, I have a test PIX 515 here and I have just configured a logical interface as a VLAN. The switch can see the correct VLAN, and the PIX can ping one host on the new VLAN, and vice versa, so the VLAN is operational.

I am sitting behind an interface called ABC and this is numbered and I am trying to access the network listed above on

I believe I need to create 2 static entries, nat entries for both and then create an access-list for traffic, applying the list via an access-group. Is this correct, or am I missing something here?

As far as the static entries go, are these something like:

static(abc,vlan166) netmask

For nat do I just add:

nat (abc) 1 0 0

nat (abc) 0 access-list nonatabc




Re: PIX access list issues


You only have to have 1 static NAT from the source to the destination; the PIX will work out the reverse. You would need to add another static NAT if the traffic flows in the other direction.

The above config is incorrect - let me explain:-

nat (abc) 1 0 0 - says all traffic from interface abc should be natted to the global NAT IP address associated with NAT id 1.

nat (abc) 0 access-list nonatabc - says any traffic from the source to the destination in access-list nonatabc should not be natted.

static(abc,vlan166) netmask - statically performs a same IP static network nat.

