• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

PIX515 Static IP

we have a whole block of IP's from our ISP, x.x.x.0-x.x.x.x.255. In our PIX515 i am trying to configure one server to have its own static IP. all users grab an IP from a pool x.x.x.10-x.x.x.99. a few other servers are already configured to have their own static IP's, x.x.x.200 - x.x.x.208 and that is working fine, however when i add the new one, it keeps using one of the IP's from the pool as if im not even configuring it the other way. Any idea why its not using the correct IP??

internal ip of machine,
WAN IP to use x.x.x.209
config of pix

global (outside) 1 x.x.x.10-x.x.x.99
global (outside) 1 x.x.x.100
nat (inside) 1 0 0
static (inside,outside) x.x.x.209 SER10 netmask 0 0
static (inside,outside) x.x.x.200 SER1 netmask 0 0
static (inside,outside) x.x.x.201 SER2 netmask 0 0
static (inside,outside) x.x.x.202 SER3 netmask 0 0
static (inside,outside) x.x.x.203 SER4 netmask 0 0
static (inside,outside) x.x.x.204 SER5 netmask 0 0
static (inside,outside) x.x.x.205 SER6 netmask 0 0
static (inside,outside) x.x.x.206 SER7 netmask 0 0
static (inside,outside) x.x.x.208 SER8 netmask 0 0
static (inside,outside) x.x.x.207 SER9 netmask 0 0
access-group acl_outside in interface outside
access-group outbound in interface inside
route outside x.x.x.1 1

  • 2
  • 2
1 Solution
If SER10 is configured as then it should work fine. You might want to issue the 'clear xlate' command to clear and reset the translation table incase there is an existing entry confusing it.
akalbfellAuthor Commented:
clear xlate will not cause any connection drops or anything?
It will cause any current connections to drop.
akalbfellAuthor Commented:
yeh i thought so, ok i will do this tonight when everyone is gone and follow up. Im sure this is the problem.
What version PIX OS? Some versions older than 6.3(4) have a bug that new static xlates won't "take" until or unless the pix is rebooted.

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now