Cisco Support Community

New Member

Can't get through PIX firewall

Hello all,

I am using a PIX 515E with two interfaces and can't get out from the inside to the outside interface. I don't need or want NAT.

The network is configured as follows...

router <---> pix <----> switch

Without the PIX the router's address is and everything works great. After inserting the PIX I changed the router's address to

The PIX is configured as follows.

nat (inside) 0 0 0

route outside 1

ip address outside

ip address inside

I also created and applied an access-list to the outside and inside interface that allows icmp packets.

When I telnet into the PIX from the inside network I can ping the inside network but can't ping the router. From the inside network I can ping the inside interface but not the outside interface.

Can anyone tell me what I have missed or am doing wrong?

Thanks in Advance

Warren Johnson

Cisco Employee

Re: Can't get through PIX firewall


I have a few suggestions.

1st, I would get rid of your NAT 0 configuration. NAT 0 is *always* a bad idea, unless you are bypassing NAT for a VPN tunnel.

If you don't want a network to be translated, I would highly advise that you static the network to itself,

i.e. static (inside,outside)

2nd, the router probably needs to have its ARP cache cleared with the command "clear arp".

I would issue that command on the router as well as the PIX.

3rd, have you verified that there is a route on your router pointing to the network? Make sure that it is reachable via the PIX on the router.


ip route

Hope that helps


New Member

Re: Can't get through PIX firewall


Thanks, I haven't tried your suggestions yet, but I'm sure the 3rd suggestion is one of the problems. I forgot to add the route back after changing the IP address on the router.

Thanks again.


Cisco Employee

Re: Can't get through PIX firewall


Anytime. I hope it works out for you.


New Member

Re: Can't get through PIX firewall


I have a few more questions :-).

1. You seem to know what you're talking about when you say not to use NAT 0, but I was wondering if you could enlighten me as to the reasons for that.

2. By not using NAT on the PIX, does the PIX then become a transparent device as far as routing goes? Will any routes or tunnels that I have set up on the router still work?

Thanks again for your help.

