
PIX v7.0.4 - NAT to address not on interface

I am working on a configuration where a static NAT is configured as follows (I have changed the ranges):

static(inside,outside) 10.0.0.2 192.168.1.2 netmask 255.255.255.255

interface ethernet0
 nameif inside
 ip address 192.168.1.1 255.255.255.0

interface ethernet1
 nameif outside
 ip address 192.168.2.1 255.255.255.0

In the above case the static is to an address not on any interface (but visible on the outside).

How does a PIX 7.x handle this from a security and routing perspective?

Where is the 10.0.0.2 address bound?

The reason for the question is that I have a more complex scenario (6 interfaces with static & global combinations) and I am getting side effects when configuring NAT on other interfaces.

Thank you in advance for any assistance.

1 REPLY

Re: PIX v7.0.4 - NAT to address not on interface

Hi

The PIX will answer ARP requests on the outside interface for the 10.0.0.2 address and, depending on your ACL, allow traffic through and then NAT it to the 192.168.1.2 address.

As long as the 10.0.0.2 is routable to the outside interface of the PIX, there should be no problem.

HTH

Jon
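
The routability condition in the reply can be checked from the configuration itself. The Python sketch below is an added example, not part of the original thread or any Cisco tool; it assumes only the simple 7.x syntax quoted in the question, its function names are hypothetical, and it reports each static whose mapped address lies outside the mapped interface's subnet and so depends on an upstream route pointing at that interface's address.

```python
import ipaddress
import re

# Constructed sample: the configuration lines quoted in the question.
SAMPLE_CONFIG = """\
static(inside,outside) 10.0.0.2 192.168.1.2 netmask 255.255.255.255
interface ethernet0
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface ethernet1
 nameif outside
 ip address 192.168.2.1 255.255.255.0
"""

# Only address-to-address statics are matched; "interface" and port forms are skipped.
STATIC_RE = re.compile(
    r"^static\s*\(([^,\s]+),([^)\s]+)\)\s+([\d.]+)\s+([\d.]+)(?:\s+netmask\s+([\d.]+))?")


def parse_interfaces(config):
    """Map each nameif to its ip_interface, reading 7.x style interface blocks."""
    interfaces, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = None                     # new block, nameif not seen yet
        elif words[:1] == ["nameif"] and len(words) >= 2:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            interfaces[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return interfaces


def audit_statics(config):
    """Return (mapped_net, mapped_if, verdict, required_next_hop) per static."""
    interfaces = parse_interfaces(config)
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        mapped_if, mapped_ip, mask = m.group(2), m.group(3), m.group(5)
        mapped = ipaddress.ip_network(
            f"{mapped_ip}/{mask or '255.255.255.255'}", strict=False)
        iface = interfaces.get(mapped_if)
        if iface is None:
            verdict, next_hop = "unknown-interface", None
        elif mapped.subnet_of(iface.network):
            verdict, next_hop = "on-link", None   # neighbours ARP for it directly
        else:                                     # upstream must route it to the firewall
            verdict, next_hop = "needs-upstream-route", str(iface.ip)
        findings.append((str(mapped), mapped_if, verdict, next_hop))
    return findings
```

For the configuration in the question, the single static is reported as needing an upstream route via 192.168.2.1, which is the condition the reply describes.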
