02-22-2009 09:42 PM - edited 03-11-2019 07:54 AM
Hello,
We are using a PIX 525 (version 7.2(3)).
When I configure RDP access (for example) from inside to a computer in the DMZ, I configure the access rule (in the security policy), then I MUST configure a NAT rule that keeps my IP unchanged between inside and DMZ:
static (inside,DMZ-WEB) IT_VLAN IT_VLAN netmask 255.255.0.0
Is it possible to bypass this NAT rule?
In other words: is it possible to say to the PIX: if you find a NAT rule, then use it, and if you don't find a NAT rule, then just route the packet and don't ask for a NAT rule like the one above?
I found a command called no nat-control. I am not sure this is the solution. I tried it but it did not work!
Any help?
Thanks
02-23-2009 02:12 AM
The no-nat control globally enforces NAT or disables it.
To answer your question - no. If you assume that everything going through the firewall will be natted, then the only thing you need to do is write exception rules.
HTH
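One form an exception rule can take on PIX 7.2 is a NAT exemption, shown here as an added example that is not part of either post. DMZ_WEB_NET, its 255.255.255.0 mask and the ACL name NONAT_INSIDE_DMZ are assumptions; IT_VLAN and the interface names come from the question.

```cisco
! Added example, not from the original posts.
! Assumption: DMZ_WEB_NET is a hypothetical "name" for the DMZ-WEB subnet,
!             and its mask is assumed to be 255.255.255.0.
! Assumption: NONAT_INSIDE_DMZ is a hypothetical ACL name.

! Match the traffic that should cross the firewall untranslated.
access-list NONAT_INSIDE_DMZ extended permit ip IT_VLAN 255.255.0.0 DMZ_WEB_NET 255.255.255.0

! NAT ID 0 with an access-list exempts the matched flows from translation.
! This satisfies nat-control without a per-network identity static.
nat (inside) 0 access-list NONAT_INSIDE_DMZ
```

The exemption only removes the translation requirement. Which connections are allowed is still decided by the interface access rules, so keep the ACL applied to the DMZ-WEB interface as narrow as the original RDP rule.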