Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1430
Views
0
Helpful
2
Replies

PIX 515e no nat for a single host

dustinlantz
Level 1
Level 1

‎09-09-2010 09:32 AM - edited ‎03-11-2019 11:37 AM

I'm using a PIX 515e using two interfaces (inside / outside) with a block of public ipaddresses.  NAT is currently enabled but I need to add a single host with a public ip address and no nat.  The host does not work well using NAT.  Any suggestions?

Thanks!!

Labels:
0 Helpful
2 Replies 2

manish arora
Level 6
Level 6

‎09-09-2010 09:56 AM

umm , few options :-

1> subnet the address block further and add a static route for that subnet in the pix. for ex --

if you have /25 assigned by the isp which could be 2.2.2.0/25 so subnet it as

2.2.2.0/26 ( 2.2.2.0-64) and get a /30 in from the end part of the remaining like 2.2.2.124/30 and then point

or add a static route on the pix as ip route 2.2.2.124 255.255.255.252 10.0.0.2 ( where 10.0.0.2 is the next hop for that subnet where the host exist ).

2> place a L2 dumb switch inbetween pix and isp and have pix, isp and the host connect to that switch with a public ip address but this leaves your host without any firewall protection.

3> have you isp provide you with a small subnet routed to your pix external ip and then you can further route that subnet to internal next hops.

i hope that i am making any sense here

thanks

Manish

0 Helpful

golly_wog
Level 1
Level 1

‎09-09-2010 02:27 PM

A single address and no nat? Are you saying this host will use the same address on the inside as the outside?

If so static identity nat is your friend.

eg

static (inside,outside) 22.1.2.3 22.1.2.3

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card