Can PIX run in non-NAT mode?

kongfui · ‎09-17-2004

Can a PIX firewall do routing and protect internal network without NAT?

a.awan · ‎09-18-2004

PIX can protect the internal network even if you do not want to do NAT on the PIX. Read the Nat 0 (Identity NAT) section of the PIX command reference at:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1032129

As far as routing is concerned, well PIX does support static routes, RIP, and newer versions supports OSPF also. What exactly are you trying to achieve?

kongfui · ‎09-18-2004

I just want to connect the PIX to 3 network segments and control the traffic flowing among the segments, all 3 segments are on local area network and no NAT is necessary because it's done by a WAN router.

One of the network segments is DMZ, one is internal private network and last one is to connect to WAN router.

If I run NAT on the PIX, then it will become double-NAT because the WAN router is also a NAT gateway.

Thanks a lot, you have solved my 2 problems in a day.

a.awan · ‎09-18-2004

Glad to be of any help. If you face any issues during your actual implementation do post here and we will try to help as much as we can.

kongfui · ‎09-18-2004

Thanks. This forum is really of great help.

davecs · ‎09-22-2004

I would actually use Exemption NAT, like Identity NAT but doesn't require the use of statics for incoming traffic.

Cheers

Dave