Pix 525 with mutliple Class C subnets

dlandr · ‎01-31-2003

Hi,

I have a Pix 525 6.1(1) with 2 ethernet interfaces

Inside -> lan, private adresses

Outside -> Internet

I have 3 different public subnets and I need to define static NAT in the 3 subnets that point to internal servers.

Can I do that with the Pix. All I have seen for now is that I can only specify one Ip address for the outside interface.

Exemple of what I want to do...

subnet 206.x.1.56 --> 10.x.x.25 (dns server)

subnet 206.x.2.5 --> 10.x.x.26 (web server)

subnet 206.x.3.18 --> 10.x.x.27 (mail server)

How can I do that on the Pix

Thanks

Daniel

kagodfrey · ‎01-31-2003

If you mean those are your outside ip address that you wish to NAT, and those IP addresses are presented by the ISP to the ethernet wire on your outside interface, then

static (inside,outside) 206.x.1.56 10.x.x.25 netmask 255.255.255.255

static (inside,outside) 206.x.2.5 10.x.x.26 netmask 255.255.255.255

static (inside,outside) 206.x.3.18 10.x.x.27 netmask 255.255.255.255

should work regardless of whether the outside IP address and default route are in the same subnet as any of them, or even a completely different subnet. Rather like an example 'three interfaces with no nat' at

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid4

but instead of mapping (for the dmz in the example) the entire of one subnet (different to the subnet that is configured on the outside interface) to itself and using no nat, you are natting single IP addresses (again these are in a different subnets to the one that is configured on the outside interface) to private DMZ addresses.

Hope that helps

Kev

dlandr · ‎02-03-2003

I've tried your solution and it's working perfectly. I had the wrong idea that the Ip address of the outside interface was related to Nat addresses but they are different things.

Thanks,

Daniel