Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 525 with mutliple Class C subnets

Hi,

I have a Pix 525 6.1(1) with 2 ethernet interfaces

Inside -> lan, private adresses

Outside -> Internet

I have 3 different public subnets and I need to define static NAT in the 3 subnets that point to internal servers.

Can I do that with the Pix. All I have seen for now is that I can only specify one Ip address for the outside interface.

Exemple of what I want to do...

subnet 206.x.1.56 --> 10.x.x.25 (dns server)

subnet 206.x.2.5 --> 10.x.x.26 (web server)

subnet 206.x.3.18 --> 10.x.x.27 (mail server)

How can I do that on the Pix

Thanks

Daniel

2 REPLIES
New Member

Re: Pix 525 with mutliple Class C subnets

If you mean those are your outside ip address that you wish to NAT, and those IP addresses are presented by the ISP to the ethernet wire on your outside interface, then

static (inside,outside) 206.x.1.56 10.x.x.25 netmask 255.255.255.255

static (inside,outside) 206.x.2.5 10.x.x.26 netmask 255.255.255.255

static (inside,outside) 206.x.3.18 10.x.x.27 netmask 255.255.255.255

should work regardless of whether the outside IP address and default route are in the same subnet as any of them, or even a completely different subnet. Rather like an example 'three interfaces with no nat' at

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid4

but instead of mapping (for the dmz in the example) the entire of one subnet (different to the subnet that is configured on the outside interface) to itself and using no nat, you are natting single IP addresses (again these are in a different subnets to the one that is configured on the outside interface) to private DMZ addresses.

Hope that helps

Kev

New Member

Re: Pix 525 with mutliple Class C subnets

I've tried your solution and it's working perfectly. I had the wrong idea that the Ip address of the outside interface was related to Nat addresses but they are different things.

Thanks,

Daniel

233
Views
0
Helpful
2
Replies
CreatePlease login to create content