Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX and Load Balancing when using PAT instead of NAT

We have two mail firewalls (Border Ware ) in the DMZ area, their ip addresses are and

To implement load balancing (mails to be delivered to both of them in equal ) on these mail firewalls, I have been advised to use NAT for these two private ip addresses ( and to two different (not one) public ip addresses.

Since we have not got two much public ip addresses, my suggestion was to use PAT (not NAT),,,but when I use PAT can a PIX implement load balancing ?


Re: PIX and Load Balancing when using PAT instead of NAT


The answer is "No".

PAT is only for handling outbound traffic.

When you do PAT for these two servers, only the outbound traffic going out from these server will go out of PAT and share the same public ip.

You can do port forwarding with PAT, to redirect the incoming traffic to the PAT ip address, to one of your inside/dmz servers.

It means when an incoming traffic hit your pix for the destionation ip as pat ip and destination tcp port as 25( SMTP), you can configure the pix to forward that traffic to one of the servers. You can only do so to one server.

Also when SMTP is concerned, for all practical purpose it would be advisable to have dedicated public ips.


CreatePlease to create content