
nat (inside) 0 access-list NoNAT_inside

Colourful
Level 1

Can someone explain what the following does on my PIX firewall?

nat (inside) 0 access-list NoNat_Inside

access-list NoNat_Inside line 1 permit ip lan 255.255.0.0 dmz 255.255.255.0

Lan = 10.10.0.0

DMZ= 172.172.172.0

I am under the impression it denies the DMZ from being NATed, as I can't access the internet directly from a server within the DMZ.

Kind regards,

Jake

Accepted Solutions

Jennifer Halim
Cisco Employee

That exempts traffic from LAN and DMZ and vice versa from being NATed.

If you would like to access the internet from a server in the DMZ, then you would need to configure a NAT statement on the DMZ:

nat (dmz) 1 172.172.172.0 255.255.255.0

Assuming that you already have "global (outside) 1 interface", or "global (outside) 1 " command.
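
Added example (not part of the original thread and not Cisco code): a small Python model of the lookup described above, showing why the DMZ server has no translation until `nat (dmz) 1` is added. It assumes the names `lan` and `dmz` resolve to the addresses given in the question, that `global (outside) 1 interface` is present, and it only classifies a flow by the interface it enters on; `parse` and `nat_decision` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample config: the question's lines with names resolved
# (lan = 10.10.0.0, dmz = 172.172.172.0). The global line is the one
# the answer assumes already exists.
BEFORE = """\
access-list NoNat_Inside permit ip 10.10.0.0 255.255.0.0 172.172.172.0 255.255.255.0
nat (inside) 0 access-list NoNat_Inside
global (outside) 1 interface
"""
AFTER = BEFORE + "nat (dmz) 1 172.172.172.0 255.255.255.0\n"

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    """Collect ACL entries, nat 0 bindings, dynamic nat rules and global ids."""
    acls, exempt, dynamic, global_ids = {}, {}, [], set()
    for line in config.splitlines():
        if m := re.match(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$", line):
            acls.setdefault(m[1], []).append((net(m[2], m[3]), net(m[4], m[5])))
        elif m := re.match(r"nat \((\S+)\) 0 access-list (\S+)$", line):
            exempt[m[1]] = m[2]
        elif m := re.match(r"nat \((\S+)\) (\d+) (\S+) (\S+)$", line):
            dynamic.append((m[1], m[2], net(m[3], m[4])))
        elif m := re.match(r"global \(\S+\) (\d+) \S+", line):
            global_ids.add(m[1])
    return acls, exempt, dynamic, global_ids

def nat_decision(config, iface, src, dst):
    """Classify a flow entering on `iface` (simplified model, not PIX code)."""
    acls, exempt, dynamic, global_ids = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # nat 0 access-list: flows the ACL permits bypass translation
    for s_net, d_net in acls.get(exempt.get(iface), []):
        if s in s_net and d in d_net:
            return "exempt"
    # nat (iface) N only takes effect with a global carrying the same id N
    for n_iface, nat_id, s_net in dynamic:
        if n_iface == iface and s in s_net and nat_id in global_ids:
            return f"translated (id {nat_id})"
    return "no translation rule"

if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for an internet host
    print(nat_decision(BEFORE, "inside", "10.10.1.5", "172.172.172.10"))
    print(nat_decision(BEFORE, "dmz", "172.172.172.10", "198.51.100.7"))
    print(nat_decision(AFTER, "dmz", "172.172.172.10", "198.51.100.7"))
```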
