Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco PIX

Posted on 2007-03-22
9
Medium Priority
?
393 Views
Last Modified: 2010-04-09
Hello,

Does a PIX global NAT address have to be in the same network as the outside interface?
0
Comment
Question by:Ciderspine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 20

Assisted Solution

by:RPPreacher
RPPreacher earned 600 total points
ID: 18773618
Yes.
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18773673
Actually, it will let you configure it on 6.3(5) (I just tried it), but it may or may not function properly due to routing issues.  Under certain circumstances, like using secondary addressing on your next hop edge router, you could probably get this to work, but that's a special setup.  Typically, you wouldn't want to do this even though the firewall will let you.
0
 

Author Comment

by:Ciderspine
ID: 18773736
And I presume it's the same for a static NAT - has to be on same network as outside, too?

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:Ciderspine
ID: 18773854
What if you wanted to use a /30 network between the PIX and a router? Is this not possible?
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18774049
No, the static NAT does not have to be on the same network.  I've done this before with secondary addressing on the ISP next hop router.  As long as the ISP is routing a second net block of addresses to that router and they configure the interface with a secondary address on that additional public network segment, it should work.

You can use a /30 between the PIX and the router.
0
 

Author Comment

by:Ciderspine
ID: 18775420
Thanks,

So the Global NAT must be on the same network as the outside interface. But if I had a static NAT that was publishing an internal webserver for example, I could use IPs from a different network than the outside interface? We're an academic intsitution and we connect to JANET. The next hop router has routes for all the public networks we've been allocated.

Ben
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18775973
Yes, you can do this.  I've done it before and it works via proxy arp, just like any other translation.
0
 

Author Comment

by:Ciderspine
ID: 18778192
Thanks.

<You can use a /30 between the PIX and the router.>

If I use a /30 network betweent PIX and router does that mean I have to use the PIX outside interface for the Global NAT because there are no more addresses to use in that /30 range?

Ben
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 900 total points
ID: 18780244
That is correct.  There would only be two usable addresses and the other one would be of course your next hop gateway.  :)
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question