Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.


routing or nat

hi all,

how do i make my pix understand the traffic coming from my remote location office connected through mpls connection

we have 1 remote location connected to main office, both sides have routers configured and working properly using ip addresses as following.

remote location ip subnet :

main office ip subnet :

now the remote office works okay with main office but now few of the computers need to be given the access to internet therefore, now the i would have to tell the remote router to route the http traffic to main office and main office router to route towards pix local interface.

Problem comes that it's not happenings, when doing a traceroute i can see that i reach the main branch router and then nothing happenes.

how to i configure the pix to accept the traffic coming from different sub net from the one it has on it's local interface ???


Re: routing or nat

Please advise how do you make the router forward those Internet traffic to PIX ? I assume it will be policy-based routing or a default route to the PIX. PIX should do the NAT before transmit the packet to the ISP. Moreover, the PIX also need to point to the main office router as gateway.

If there is still the problem, please provide the routers' configuration.

Hope this helps.


Re: routing or nat

my senario is like: text file attached as diagram.txt

On Remote Machine the gateway is *remote router

On Remote Router i have *ip route

on Main Off Router i have *ip route (pix inside interface)


I think i am not following you correctly,

1. i have added the remote subnet as the inside subnet on my pix" by route inside command as

route inside

a little help would be great as i am really stuck

New Member

Re: routing or nat

hello zulqurnain

you said nothing happened on pix ,i think perhaps the pix teardown or drop your trace flow. try to debug and observe what happen on pix .


New Member

Re: routing or nat

Hi ,

If the network is connecting the Internet through the PIX do the following :

1- In remote router configure defualt gateway the main office

ip route

2-In the main route configure default gateway to PIX

ip route PIX

3-In the PIX , (I assume the traffic from main router is in high level securety ( inside) than zone going to internet zone ( internet) )

- Creat PAT for subnet

nat(inside) 1

global(internet) 1 X.X.X.X

where X.X.X.X is public IP

4- make sure that PIX knows how to get network

ip route main router



Re: routing or nat

well, i did what you told me to and when i ping subnet from pix while enabling the icmp trace, i see

453: ICMP echo request (len 32 id 9233 seq 0) outside interface > NO response received -- 1000ms


Re: routing or nat

Did you find any log in PIX that drop the ICMP packet ?