https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483760#M557973 <HTML><HEAD></HEAD><BODY><P>Looks like you have PPTP connections coming into this PIX from the outside (all the vpdn commands down the bottom), and the two lines you're wanting to delete are for that. I wouldn't recommend deleting them unless you're sure the PPTP connectivity is no longer allowed. They specifically tell the PIX not to NAT traffic destined for the PPTP tunnel, which is the correct thing to do.</P><P></P><P>Your other nat/global pair is fine. The keyword "interface" in the global command tells the PIX to PAT everything to whatever IP address is configured on the outside interface, so leave it as is. The nat statement having all zeroes simply means any packet coming in from the inside will be PAT'd as it goes out, regardless of its IP address. If you like you can make this more specific to only cover your actual internal subnet with the command you specify above. </P></BODY></HTML> Mon, 23 May 2005 01:09:44 GMT gfullage 2005-05-23T01:09:44Z https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483759#M557971 <P>hi,</P><P>Pls find the attached files.</P><P>New to PIx firewal.</P><P></P><P>128.1.1.248 is not given by ISP. </P><P>do let me know whether the following can be deleted: </P><P></P><P>1)access-list inside_outbound_nat0_acl permit ip any 128.1.1.248 255.255.255.248 </P><P></P><P>2)nat (inside) 0 access-list inside_outbound_nat0_acl </P><P></P><P>is this correct: </P><P>"global (outside) 10 interface" to be changed to "global (outside) 10 public interface IP" </P><P>and </P><P>"nat (inside) 10 0.0.0.0 0.0.0.0 0 0" to be changed to "nat (inside) 10 128.1.1.0 255.255.255.0 0 0</P><P></P><P>Regards,</P><P>Prashanth</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 08:09:42 GMT https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483759#M557971 prashanth15 2020-02-21T08:09:42Z https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483760#M557973 <HTML><HEAD></HEAD><BODY><P>Looks like you have PPTP connections coming into this PIX from the outside (all the vpdn commands down the bottom), and the two lines you're wanting to delete are for that. I wouldn't recommend deleting them unless you're sure the PPTP connectivity is no longer allowed. They specifically tell the PIX not to NAT traffic destined for the PPTP tunnel, which is the correct thing to do.</P><P></P><P>Your other nat/global pair is fine. The keyword "interface" in the global command tells the PIX to PAT everything to whatever IP address is configured on the outside interface, so leave it as is. The nat statement having all zeroes simply means any packet coming in from the inside will be PAT'd as it goes out, regardless of its IP address. If you like you can make this more specific to only cover your actual internal subnet with the command you specify above. </P></BODY></HTML> Mon, 23 May 2005 01:09:44 GMT https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483760#M557973 gfullage 2005-05-23T01:09:44Z https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483761#M557977 <HTML><HEAD></HEAD><BODY><P>thanks gfullage for your explanation</P><P></P><P>Cheers,</P><P>Prashanth</P></BODY></HTML> Mon, 23 May 2005 06:23:04 GMT https://community.cisco.com/t5/network-security/pix-515e-clarify-on-nat/m-p/483761#M557977 prashanth15 2005-05-23T06:23:04Z