Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
0
Helpful
1
Replies

NAT Confusion - PIX 6.3.4/7.0

AmyColiso
Level 1
Level 1

‎11-08-2005 11:00 AM - edited ‎02-21-2020 12:30 AM

I am having translation issues, have tried upgrading to 7.0, then went back to 6.3, all because of NAT.

I have the following setup: switch connects to Eth1 on PIX, PIX Eth0 goes out to border router. We have two networks, that need to go out to the net, both have public addresses. so, we did:

access-list no_nat permit ip any any

nat (inside) 0 access-list no_nat

static (inside,outside) abcd abcd (where abcd in my inside but public ips)

I thought having the access-list (policy nat) wtih the nat 0 would mean traffic originating from the inside, would be allowed back in. It isn't working. Do I need a nat for the outside? I am confused..suggestions appreciated, what is meant by nat exemption in 7.0?

0 Helpful
1 Reply 1

haithamnofal
Level 3
Level 3

‎11-08-2005 01:13 PM

Bi-directional communication (b/ inside and outside) cannot be achieved with NAT 0 unless the connection is initiated by the hosts located in the internal network.

In order to allow communication b/ outside and inside with no translation, you may want to try the following:

static (inside,outside) netmask

That allows inside network to be translated on the outside and as consequence it can be accessible from the public with their original IPs which are public IPs in your case.

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card