static NAT, to non-connected subnet

I'm using a PIX 515E with version 7.0, connected on the outside to the Internet, and on the inside to a router, both with IPs in the 192.168.3.0/24 subnet. "Behind" the router is a 192.168.1.0/24 subnet. I want to configure static NAT entries on the PIX from public to 192.168.1.X IP addresses, but am unsure if the PIX will allow NAT to a non-connected subnet? I have a static route on the PIX for 192.168.1.0/24 pointing to the router. Any thoughts?


Re: static NAT, to non-connected subnet

As long as

1) The public IP addresses are routed to the outside interface of the PIX

2) The PIX knows how to route to the internal 192.168.1.x/24 subnet

then yes, this will work. The internal subnet does not need to be directly connected to the PIX.

Jon

Re: static NAT, to non-connected subnet

Adding to Jon,

You also need to make sure that traffic between 192.168.1.0/24 and the Internet is allowed on the router. And of course the router should have a default gateway pointing to the firewall's inside interface.


Re: static NAT, to non-connected subnet

Fantastic, thanks!!
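
The conditions listed in the replies above, put together as a configuration sketch. This is an added example, not posted by anyone in the thread. Assumed and constructed: PIX inside interface 192.168.3.1, router 192.168.3.2, internal host 192.168.1.10, public address 203.0.113.10 (documentation range), the ACL name `outside_in`, HTTP as the published service, and IOS syntax on the router.

```cisco
! --- PIX 515E, version 7.0 (all addresses are constructed placeholders) ---

! The PIX must know how to reach the non-connected subnet:
! static route to 192.168.1.0/24 via the router on the inside segment.
route inside 192.168.1.0 255.255.255.0 192.168.3.2 1

! One-to-one static translation: public address -> host behind the router.
! The real address does not have to be on a directly connected subnet.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

! Connections initiated from outside are dropped unless an ACL on the
! outside interface permits them. Permit only the service being published
! (HTTP assumed here) rather than "ip any host".
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

! The public address must be routed to the PIX outside interface.
! That is arranged upstream (ISP or edge router), not on the PIX itself.

! Checks on the PIX:
!   show route   -> 192.168.1.0 255.255.255.0 should point to 192.168.3.2
!   show xlate   -> the static translation for 203.0.113.10 should be listed

! --- Router between 192.168.3.0/24 and 192.168.1.0/24 (IOS syntax assumed) ---

! Default route toward the PIX inside interface, so replies from
! 192.168.1.10 return through the firewall that holds the translation.
ip route 0.0.0.0 0.0.0.0 192.168.3.1

! Any ACLs applied to the router's interfaces must also permit the
! published traffic between 192.168.1.0/24 and the Internet.
```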
