Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PIX506E without NAT (multiple public IPs)

Hi,

I've never configured a PIX506E without NAT but I'm planning on doing it for one of my customers (their PBX/VOiP server requires a no-Nat connection). They're going to have a T1 router route the addresses to the PIX, the PIX will have public addresses on both interfaces (outside/inside) and then I was planning on putting static routes to the other internal IPs via the inside interface. Will this work and if not, can you guys recommend a better way of accomplishing this? Any input will be greatly appreciated.

Thanks!

1 REPLY
New Member

Re: PIX506E without NAT (multiple public IPs)

It can work I think. Although are the other internal IPs going to be routed to another router/l3 switch? The PIX does not handle having multiple virtual IPs per interface very well (it requires using VLANs and dot1q trunking). Also when using public IPs behind a PIX you have to configure a static nat statement even so to ensure that it's handled correctly. Basically all traffic going through a pix either has to be NATed or explicitly indicated to be not NATed. for example:

static (inside,outside) 4.2.2.0 255.255.255.0 4.2.2.0 255.255.255.0

If you're not used to the PIX this type of command seems redundant, but it actually enables the PIX to pass the public IPs on the inside interface thru the device.

117
Views
0
Helpful
1
Replies
CreatePlease to create content