Nat id 0 and pat within same subnet on same interface on pix 515

Status
Not open for further replies.

norryguy

MIS
Nov 19, 2002
US
I'm having a slight problem with my current PIX configuration. Before installing the PIX I had a primary and secondary subnet on the internal interface of my 2621 router. One was public IPs and the other was a private 10.0.0.0 subnet. They all shared the same physical LAN. With the PIX in place I now have the public subnet on the outside interface of the PIX and the private one inside of the PIX. Before doing so I tried as best I could to physically separate the public machines from the private machines, and have done so for the most part. There are, however, some which I was unable to separate. And so I have the PIX doing a PAT for all of the 10.0.0.0 computers and a few static NATs, which already had been on the router. These all work.

My problem is the public computers which share the same LAN as the private ones. Most of these I can NAT but some I can't. Can I have a nat id 0 for the few public machines and have PAT and static NATs for the rest of my machines in the same public subnet? For instance, can I PAT machines to 1.2.3.4 and then "nat id 0" 1.2.3.5? From the id 0 machines I can ping the internal interface of the PIX, but no further. I have all UDP/TCP/ICMP traffic allowed right now through the PIX. If I can do this, what should be the default gateway for those computers? The internal interface of the PIX or the internal interface of the router?
 