Re: PIX inside/outside

ranairfan · ‎02-09-2003

Can I use real ip's on my inside network of PIX without using NAT or static (inside,outside) ??

travis-dennis_2 · ‎02-09-2003

You can but why would you want to? That would mean that someone is actually touching the box instead of a translation through the PIX. Makes it much easier for someone to do something there are not supposed to do.

ranairfan · ‎02-09-2003

Thanks for the reply, actually I want to integrate PIX with the websens, I have most of my users on outside network, websense only works with outbound traffic so I have to bring all my users to the inside so that I can filter their www traffic.

Please reply with the steps that how can I use my inside traffic to communicate outside without using NAT or static commands or refer some cisco doc related to this.

Thanks and Regards,

mostiguy · ‎02-11-2003

You need to use the static command . Why do you not want to use static?

nat (inside) 0 network number subnet mask

Disables nat for a block.

Ex:

static (inside, outside) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

nat (inside) 0 192.168.0.0 255.255.255.0 0 0

Would disable nat for the inside int with ips of 192.168.0.0/24.

Note that if you were using nat, you might have created global pools for nat. You don't use the global command unless you are using nat. So, you might need to first remove global commands, then add appropriate static and nat commands.

Matt

ranairfan · ‎02-14-2003

Thanks for the reply Matt,

What if I have more than one network e,g 192.168.0.0 /24, 204.16.30.0 /24 etc which i want to use without NAT.

can i use

nat (inside) 0 0.0.0.0 0.0.0.0

Static (inside,outside) 0.0.0.0 0.0.0.0

so that only with this command all the networks running can access the internet witout using NAT.

ranairfan · ‎02-14-2003

Its urgent please reply soon

mostiguy · ‎02-15-2003

You can use multiple nat and static statements.