Cisco Support Community

New Member

Routing from LAN to public IP assigned to firewall

I wanted to verify something I believe Cisco at one point told me about routing from inside to the outside interface.

My firewall is assigned the network for the outside interface. The inside interface is assigned The DMZ is assigned the subnet When machine on the inside interface wants to access the internet, they use the IP I have port-forwarding using the outside IP address that forwards to a machine in the DMZ. The firewall is a PIX 515E.

Now if I log into a machine on the inside interface (LAN and try to ping the address, it fails. I believe I've been told by Cisco that by design, this can't happen.

Is that correct? If not, is it something I can change in the PIX config?




Routing from LAN to public IP assigned to firewall

Can you send us the config?




Routing from LAN to public IP assigned to firewall

Hello Kevin,

Remember, you have just forwarded ports on that outside IP; you are not completely natting the machine to the outside IP, you are just using some specific ports on it. Hence ping traffic would not be natted. If you have a one-to-one static statement, ping would work for it.

Hope that helps.



Thanks, Varun Rao Security Team, Cisco TAC
New Member

Routing from LAN to public IP assigned to firewall

I guess I was using a ping for an example.

The real problem is I have a monitoring and ticketing system that use sendmail to relay email messages. They sit on the NAT LAN on the inside interface.

So when a machine on the LAN tries to send an email to the primary SMTP server of (outside interface) that's really a machine in the DMZ ( it ends up sending it to the secondary MX server, which is a server outside that network associated with the PIX.

Routing from LAN to public IP assigned to firewall


I think you are not being clear enough to understand what is really going on.

As Varun said, you need to translate the right ports from the DMZ to the inside, as you want the inside user to be able to go to the DMZ, and that is because I suspect you have nat control enabled.

My recommendation would be:

1- Explain the issue one more time, this time being clear and specific

2- Provide us the running-configuration

Then one of our experts on this forum will reply with the answer to your problem.




Looking for some Networking Assistance? Contact me directly at I will fix your problem ASAP. Cheers, Julio Carvajal Segura
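
The two translations discussed in the replies above, written out as an added PIX configuration sketch that is not taken from any poster's device: the outside port-forward that covers only SMTP, beside a DMZ-to-inside port translation that lets LAN hosts reach the same public address and port. All addresses, the ACL name and the interface names are constructed assumptions, since the thread does not show them.

```cisco
! Constructed values (documentation and RFC 1918 ranges), not from the thread:
!   public IP used for the port-forward : 203.0.113.2 (outside interface address)
!   inside LAN                          : 192.168.1.0/24
!   DMZ mail server                     : 192.168.2.10
! Interface names inside/dmz/outside and ACL name outside_in are assumed.

! Port-forward of the kind described in the thread. Only TCP/25 on the
! outside address is translated, so ICMP to that address is never
! forwarded to the DMZ host.
static (dmz,outside) tcp interface smtp 192.168.2.10 smtp netmask 255.255.255.255
access-list outside_in permit tcp any interface outside eq smtp
access-group outside_in in interface outside

! LAN hosts arrive on the inside interface, where the static above does
! not apply. A second port translation presents the same public address
! and port on the inside interface and maps it to the DMZ server.
! Only SMTP is exposed this way; a one-to-one static would expose every port.
static (dmz,inside) tcp 203.0.113.2 smtp 192.168.2.10 smtp netmask 255.255.255.255

! If nat-control is enabled (as suspected in the last reply), inside
! sources also need a translation toward the DMZ. An identity static
! keeps their real addresses, which the mail server will see in its logs.
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
```

After changing `static` statements, run `clear xlate` so existing translation slots are rebuilt, then check the result with `show xlate`.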