https://community.cisco.com/t5/network-security/avoid-nat/m-p/1167335#M875964 <HTML><HEAD></HEAD><BODY><P>The no-nat control globally inforces NAT or disables it.</P><P></P><P>To answer your question - no. If you assume that everything going thru the firewall will be nattted. Then the only thing you need to do is write exception rules?.</P><P></P><P>HTH&gt;</P></BODY></HTML> Mon, 23 Feb 2009 10:12:22 GMT andrew.prince 2009-02-23T10:12:22Z https://community.cisco.com/t5/network-security/avoid-nat/m-p/1167334#M875963 <P>hello</P><P></P><P>we are using PIX 525 (version 7.2(3))</P><P>when i configure an rdp access (for example) from inside to a computer in DMZ, i configure the access rule (in security policy) then i MUST configure a NAT rule that keeps my IP unchanged between inside and DMZ:</P><P>static (inside,DMZ-WEB) IT_VLAN IT_VLAN netmask 255.255.0.0</P><P>is it possible to bypass this NAT rule?</P><P>In other words: is it possible to say to PIX: if you find a NAT rule, then use it. And if you don't find a NAT rule then just route the packet and don't ask for a NAT rule like above?</P><P>i found a command called no nat-control. i am not sure this the solution. i tried it but it did not work!</P><P></P><P>any help</P><P>thanks</P> Mon, 11 Mar 2019 14:54:51 GMT https://community.cisco.com/t5/network-security/avoid-nat/m-p/1167334#M875963 ohassairi 2019-03-11T14:54:51Z https://community.cisco.com/t5/network-security/avoid-nat/m-p/1167335#M875964 <HTML><HEAD></HEAD><BODY><P>The no-nat control globally inforces NAT or disables it.</P><P></P><P>To answer your question - no. If you assume that everything going thru the firewall will be nattted. Then the only thing you need to do is write exception rules?.</P><P></P><P>HTH&gt;</P></BODY></HTML> Mon, 23 Feb 2009 10:12:22 GMT https://community.cisco.com/t5/network-security/avoid-nat/m-p/1167335#M875964 andrew.prince 2009-02-23T10:12:22Z