Outside users cannot get to servers behind PIX firewall.


Core issue

A border router was previously handling security, and each server had an Internet routable address. Now the servers are using a private address range, and the PIX is performing static Network Address Translation (NAT). After putting the PIX between the server and the border router, clients on the Internet are unable to access the servers.


Check the following items to resolve the problem:

  1. Issue the clear arp-cache command on the border router. This clears the Address Resolution Protocol (ARP) table on the router, allowing it to learn the MAC address of the PIX for the statically translated addresses of the servers. 

  2. If the PIX is the only device between the servers and the Internet, make sure that the default gateway configured on each server points to the inside interface of the PIX. If the servers are not on the same internal segment as the PIX and another internal router sits in between, the default gateway should point to that router's interface on the same segment as the servers.

  3. If the PIX's outside interface is connected directly to the border router, make sure that the default gateway on the PIX is configured to point to the interface on the border router which is connected to the PIX.
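
To confirm whether item 1 applies before or after clearing the cache, the border router's `show ip arp` output can be compared against the MAC address of the PIX outside interface. The script below is an added example, not part of the original document; the addresses, MAC values and sample output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `show ip arp` output from the border router (not real data).
# Assumed: the PIX outside interface MAC is 0050.54ff.0a01, and 203.0.113.10 and
# 203.0.113.11 are the statically translated (global) addresses of two servers.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0000.0c07.ac01  ARPA   Ethernet0
Internet  203.0.113.2             5   0050.54ff.0a01  ARPA   Ethernet0
Internet  203.0.113.10           42   0010.a4bb.1001  ARPA   Ethernet0
Internet  203.0.113.11            3   0050.54ff.0a01  ARPA   Ethernet0
"""

# Matches only complete entries; rows whose hardware address reads
# "Incomplete" do not match and are therefore reported as missing.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA\b"
)

def parse_arp(text):
    """Return {ip: mac} for every complete ARPA entry in the output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def check_translated(arp_text, pix_outside_mac, global_ips):
    """Classify each statically translated address as seen by the router:
    'ok'      - mapped to the PIX outside MAC
    'stale'   - still mapped to another MAC (for example the server's own NIC)
    'missing' - no complete entry; the router has to ARP for it again
    """
    table = parse_arp(arp_text)
    pix = pix_outside_mac.lower()
    result = {}
    for ip in global_ips:
        mac = table.get(ip)
        if mac is None:
            result[ip] = "missing"
        else:
            result[ip] = "ok" if mac == pix else "stale"
    return result

if __name__ == "__main__":
    globals_ = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for ip, state in check_translated(SHOW_IP_ARP, "0050.54ff.0a01", globals_).items():
        print(ip, state)
```

Any address reported as stale is one the router is still sending to the old MAC, which is the condition the clear arp-cache command in item 1 corrects.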