Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
4
Replies

Best way to config a PIX without NAT

tkpsimon
Level 1
Level 1

‎09-10-2003 08:22 AM - edited ‎02-20-2020 10:59 PM

I have tried, "NAT (inside) 0 x.x.x.x 255.255.255.0"

it's working, but some how outside host cannot access anything behind the pix unless the inside machine start a session to outside first.

Any idea why this happen? is this normal?

any idea would be appreciate.

0 Helpful
4 Replies 4

mostiguy
Level 6
Level 6

‎09-10-2003 08:36 AM

That is normal - you need to write an access list to open ports, and apply it to the outside interface

0 Helpful

tkpsimon
Level 1
Level 1
In response to mostiguy

‎09-10-2003 08:42 AM

Thanks for your reply,

actually i already have ACL apply on the outside interface, let set permit icmp any any. But problem still happen to be that way, always require inside host to initial traffic, then outside can access.

I understand this is not a big of issue, but for web server, it's kind of annoying. We always need to send out icmp to outside.

0 Helpful

r.sneekes
Level 1
Level 1
In response to tkpsimon

‎09-18-2003 07:39 AM

You need to a nat 0 rule with an access-list for this to work.

For example:

nat 0 (inside) access-list no-nat

access-list no-nat permit ip 10.10.0.0 255.255.0.0

0 Helpful

atdhingr
Level 1
Level 1

‎09-19-2003 03:41 AM

you need a static and an ACL for outside users to initiate a connection inside:

static(inside,outside)

access-list 101 permit ip any

access-group 101 in interface outside

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card