Showing results for 
Search instead for 
Did you mean: 

Identity NAT - nat 0 with PIX firewall

Level 1
Level 1


As far as I uderstand nat 0 doesn't translate anything, the same IP appears on both sides of the firewall. This could be the case if we are having registered IP addresses on the inside and outside.

If the packets just flow from one interface to another what the difference it makes from the simple routing then? Wouldn't the packets flow without any nat 0 statements?


Kind regards,


2 Replies 2

Level 3
Level 3

The difference is that your internal hosts are still protected by the firewall's adaptive security algorithm. Traffic from outside to inside is allowed only if there is a matching xlate entry.

As far as I know packets will not flow without you using some form of NAT or static statements.

Here is a few lines from my PIX config:


;PIX Version 6.3(5)

ip address outside

ip address inside

route outside 1

access-group acl_out in interface outside

access-list acl_out permit ip any interface outside

A host ( from the outside network is able to access an FTP server on the inside network. There is not NAT at all and packets flow. Is this correct?

Then I removed route statement and still able to access inside FTP from outside host.

Please someone cooment or explain.

Another question. Do I need to save configuration and then maybe restart the PIX for config to become effective? In the above example I just removed nat and static statements not saving config.

Review Cisco Networking for a $25 gift card