11-22-2002 08:21 AM - edited 02-20-2020 10:23 PM
Hi,
I have a scenario where I don't want to do any address translation. Is it sufficient to use only a static command e.g.:
static (inside,outside) 10.40.2.0 10.40.2.0 netmask 255.255.255.0 0 0
for traffic both ways (outside to inside, inside to outside) ?
or do I also need a:
nat (inside) 0 10.40.2.0 255.255.255.0 0 0
to let traffic out (inside to outside)?
regards rolf
11-22-2002 08:40 AM
Hi, by default the PIX doesn't perform any kind of NAT or filtering (from the inside to the outside) so I guess you don't have to configure any of those lines.
Have you tried the communications without those lines?
Regards!
11-23-2002 05:04 AM
Hi,
for allowing traffic both ways you need to configure two things:
First, you need a translation command for the translation of the internal addresses to the outside addresses (even if you don't want translation of the source addresses).
dynamic translation:
nat (inside) 0 10.40.2.0 255.255.255.0 0 0
This command allows traffic passing through the firewall from inside to outside. Also responses to valid requests are allowed back in.
The second thing you have to do:
if you want to allow sessions initiated from the outside to the inside, you have to configure access-lists. Find the syntax of the access-list command on this page:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#xtocid7
If you still have questions, let me know.
Kind Regards,
Tom
11-24-2002 12:51 AM
Hi,
I did some tests myself and here is what I found:
it IS sufficient to use only a static command e.g.:
static (inside,outside) 10.40.2.0 10.40.2.0 netmask 255.255.255.0 0 0
for traffic both ways (outside to inside, inside to outside).
however, the best way to disable nat is the following:
access-list no_nat permit ip any any
nat (inside) 0 access-list no_nat
this will allow traffic both ways not to be nat'ed. The
nat (inside) 0 10.40.2.0 255.255.255.0 0 0
command will only handle traffic inside to outside
regards rolf
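A narrower variant of the NAT exemption discussed in this thread, as an added example that is not part of any post above. It assumes PIX 6.x syntax; the ACL name acl_out, the host 10.40.2.10 and the permitted port are constructed for illustration.

```cisco
: Added example; acl_out, 10.40.2.10 and port 80 are constructed values.
: Exempt only the inside subnet from NAT rather than matching "ip any any".
access-list no_nat permit ip 10.40.2.0 255.255.255.0 any
nat (inside) 0 access-list no_nat
: Sessions initiated from the outside still need an explicit permit
: bound to the outside interface, limited to the hosts and ports required.
access-list acl_out permit tcp any host 10.40.2.10 eq 80
access-group acl_out in interface outside
```

Keeping the exemption ACL and the inbound ACL separate makes it clear that skipping translation does not by itself decide which outside-initiated sessions are allowed.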