https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232359#M564859 <HTML><HEAD></HEAD><BODY><P>what does your config look like? you will need nat 0 commands to disable nat</P></BODY></HTML> Wed, 09 Jun 2004 18:28:35 GMT mostiguy 2004-06-09T18:28:35Z https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232358#M564858 <P>I'm having an issue configuring a 515e and I'm hoping some can help me out.</P><P></P><P>The pix in question has 5(U/R lic) interfaces. Four are connected to different subnets and one points to the edge router. Communication between the four internal subnets is controlled by access-lists. As the networks are internal I don't want to use NAT (the edge router has a nat pool for internet access).</P><P></P><P>I guess my question is can I enable communications without using a nat command. So far I can not get from one subnet to the other (or to the outside using the default route for that matter). All the config docs I have found have the nat commands as part of the config routine.</P> Fri, 21 Feb 2020 07:27:14 GMT https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232358#M564858 caseman 2020-02-21T07:27:14Z https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232359#M564859 <HTML><HEAD></HEAD><BODY><P>what does your config look like? you will need nat 0 commands to disable nat</P></BODY></HTML> Wed, 09 Jun 2004 18:28:35 GMT https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232359#M564859 mostiguy 2004-06-09T18:28:35Z https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232360#M564860 <HTML><HEAD></HEAD><BODY><P>here is a quick copy ofthe config. I've dropped all the other interfaces and deleted the service groups, etc for easy trouble shooting. The only objects in use right now are the inside and outside interfaces, with only the implicit "allow all" rule being active.</P><P>&gt;&gt;&gt;&gt;&gt;&gt;&gt;</P><P>PIX Version 6.3(3)</P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>names</P><P>access-list inside_outbound_nat0_acl permit ip any any </P><P>pager lines 24</P><P>icmp permit any outside</P><P>icmp permit any inside</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>ip address outside 192.168.1.2 255.255.255.0</P><P>ip address inside 172.16.192.224 255.255.255.0</P><P>nat (inside) 0 access-list inside_outbound_nat0_acl</P><P>route outside 0.0.0.0 0.0.0.0 192.168.1.1 1</P><P></P><P>&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;</P><P></P><P>Machines on the internal interface can ping that interface, and the outside interface can ping the next hop (router ip 168.192.1.1), but inside machines can't get across the pix to the router. I've tried it with and without the nat exemptions.</P><P></P><P></P></BODY></HTML> Thu, 10 Jun 2004 13:33:25 GMT https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232360#M564860 caseman 2004-06-10T13:33:25Z https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232361#M564861 <HTML><HEAD></HEAD><BODY><P>Ok, nevermind, I figured it out. Thanks for the nat 0 help</P></BODY></HTML> Thu, 10 Jun 2004 16:34:14 GMT https://community.cisco.com/t5/network-security/multiple-interface-pix-w-o-nat/m-p/232361#M564861 caseman 2004-06-10T16:34:14Z