Hi,

That works fine.  You just need to enable routing to that remote subnet to the 
local SVI on the switch.

-ryan

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados
Sent: Friday, July 31, 2009 2:48 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] can you port forward to a non connected subnet?

Hi, I have a question RE port forwarding.

BACKGROUND

We have a pix with two interfaces.  One public interface has a static 
outside of 206.x.x.77 and we have an internal interface with an interface IP 
of 10.18.7.254.  On the inside interface we attach a core switch with lots 
of VLANs with different subnets attached and routing enabled in the switch. 
The default route on the core is set to point at 10.18.7.254 and nat is 
enabled.  One of these VLANS has a subnet of 10.18.4.128/26 which hosts some 
servers.  The servers are obviously not directly connected to the segment 
where the Pix is attached but they can route out to the Internet via the pix 
and reach 10.18.7.254 without issue.  My question is can you map a port 
from the outside to one of the 10.18.4.128/26 servers through the core or 
does that server have to be a member of the 10.18.7.225/27 subnet where the 
pix is directly connected?  Would something like the following work?

static (inside,outside) 206.x.x.77 10.18.4.142 netmask 255.255.255.255 0 0

and the ACL

access-list acl-outside permit tcp any host 206.x.x.77 eq 80


If this will work, does anything special need to be configured or will this 
not work at all?  Also, if this does work is there anything particularly bad 
or bad form about this type of arrangement?  Any pointers would be 
appreciated.

Thank you
Scott

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
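
The arrangement discussed in this thread, written out as an added example (not configuration from either poster), assuming PIX 6.x/7.x-style syntax. `<core-svi-ip>` is a placeholder for the core switch's SVI address on the PIX-facing segment, which the thread does not give, and the port-specific `static` is a narrowing chosen here so that only TCP/80 is published instead of the whole host.

```cisco
! Added example; PIX 6.x/7.x-style syntax assumed.
! <core-svi-ip> is a placeholder: the core switch's SVI address on the
! segment where the PIX inside interface (10.18.7.254) is attached.

! The PIX has no connected route to the server VLAN, so it needs a
! route to 10.18.4.128/26 via the core switch.
route inside 10.18.4.128 255.255.255.192 <core-svi-ip>

! Publish only TCP/80 of the server rather than every port.
! If 206.x.x.77 is the outside interface's own address, the keyword
! "interface" is used in place of the address.
static (inside,outside) tcp 206.x.x.77 80 10.18.4.142 80 netmask 255.255.255.255

! Match on TCP so that "eq 80" is valid, then bind the ACL to the
! outside interface.
access-list acl-outside permit tcp any host 206.x.x.77 eq 80
access-group acl-outside in interface outside
```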