I have a PIX 506 with two interfaces. The PIX is only used between two private network segments for some political reason. Here is the description:
PIX outside interface is on 184.108.40.206 network and PIX outside interface address is 220.127.116.11, connected to a Catalyst switch.
PIX inside interface is on 172.16.17.0 network and the inside interface address is 172.16.17.2, connected to another Catalyst switch. The internal router is also connected to the Catalyst switch and the IP address of the router is 172.16.17.1.
I have configured the access-list to allow outside hosts to access traffic on the inside network. In order for traffic to go through between the PIX and the internal router, I asked the customer to build a static route on the router such as
ip route 18.104.22.168 255.255.255.0 172.16.17.2, but instead they want to do NAT to translate the outside address to the inside address. For some political reason, they can't build the route into the router.
Is address translation possible between two private segments? I don't think it is possible, and my reasons are:
If I use any fake segment such as 192.168.1.0, just to translate the customer's outside network to an inside address, then I will have to put my PIX's outside address on this fake segment. The outside hosts' default gateway will still be pointing at the 22.214.171.124 address, and since there is no router between the PIX's outside network and the Catalyst switch, the traffic from the hosts will not be able to reach the PIX.
Is there any other solution to provide connectivity between the PIX outside network and the internal router without installing a route on the internal router?
The Pix can NAT traffic from its inside interface to outside to ANY address. It doesn't matter if the Pix's outside interface is on that subnet or not.
The easiest thing for you to do is not add any routes to the router on the outside interface. Rather, you have the Pix NAT inside traffic to addresses that are on the outside interface. The Pix will reply to ARP requests for those addresses.
If the router on the inside does not use the Pix as a default gateway, it will need a route to whatever traffic comes from that outside interface of the Pix. Or you can use bi-directional NAT to translate traffic from hosts on the outside interface to addresses on the Pix's inside interface. Here the Pix will also reply to ARPs for those translated addresses just like on the outside. Then routes shouldn't be needed inside or outside.
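The bi-directional NAT described in the answer above, written out as PIX configuration; this is an added example, not part of the original thread. It assumes PIX OS 6.2 or later (the first release with outside NAT), and the outside segment 10.10.10.0/24, the server 172.16.50.10, the mapped address 10.10.10.50 and the pool range are constructed placeholders.

```cisco
! Constructed addressing (assumptions, not taken from the post):
!   outside segment 10.10.10.0/24, PIX outside address 10.10.10.2
!   server behind the internal router: 172.16.50.10
! From the post: inside segment 172.16.17.0/24, PIX inside 172.16.17.2,
!   internal router 172.16.17.1

ip address outside 10.10.10.2 255.255.255.0
ip address inside 172.16.17.2 255.255.255.0

! The PIX (not the router) carries the route to the network behind the router.
route inside 172.16.50.0 255.255.255.0 172.16.17.1 1

! Inside -> outside direction: present the inside server as an address on the
! outside segment. Outside hosts ARP for 10.10.10.50 and the PIX answers,
! so their default gateway never has to know about the inside network.
static (inside,outside) 10.10.10.50 172.16.50.10 netmask 255.255.255.255 0 0

! Outside -> inside direction (outside NAT): sources from the outside segment
! are translated to a pool on the inside segment. The internal router sees
! 172.16.17.100-150 as directly connected and needs no static route; the PIX
! answers ARP for the pool addresses on the inside interface.
nat (outside) 1 10.10.10.0 255.255.255.0 outside
global (inside) 1 172.16.17.100-172.16.17.150 netmask 255.255.255.0

! Permit only the service that is actually required, addressed to the
! mapped (outside) address, instead of opening the whole inside network.
access-list acl_out permit tcp 10.10.10.0 255.255.255.0 host 10.10.10.50 eq 80
access-group acl_out in interface outside
```

After a test connection, `show xlate` should list both the static entry and a pool translation for the outside client, and `show access-list` should show hits on the permit line.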