Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

static NAT, to non-connected subnet

I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the subnet. "Behind" the router is a subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure if the PIX will allow NAT to a non-connected subnet? I have a static route on the PIX for pointing to the router. Any thoughts?

Hall of Fame Super Blue

Re: static NAT, to non-connected subnet

As long as

1) The public IP addresses are routed to the outside interface of the pix

2) The pix knows how to route to the internal 192.168.1.x/24 subnet

then yes this will work. The internal subnet does not need to be directly connected to the pix.


Re: static NAT, to non-connected subnet

adding to Jon,

You also need to make sure that traffic between and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.

New Member

Re: static NAT, to non-connected subnet

Fantastic, thanks!!