10-30-2003 03:58 PM - edited 02-20-2020 11:04 PM
I have a PIX 515E in place and it is running NAT. I would like to take off the NAT and not have any address translation. I have never set up a PIX this way. What do I do?
Bill E.
10-30-2003 07:31 PM
When the NAT command is used with the special number 0, this tells the PIX not to NAT any of the traffic. In its most basic form you can just do:
nat (inside) 0 0 0
The first 0 says don't NAT the traffic, the second two zeroes define the subnet/mask of the traffic to NAT. If you want to get more specific then you can do something like this (assuming your inside network is 200.0.0.0/8):
nat (inside) 0 200.0.0.0 255.0.0.0
Then only traffic from the 200.0.0.0 network will not be NAT'd. When using "nat 0" you don't need a corresponding global statement cause the whole point of it is that the addresses aren't changed to something else. You can also do:
nat (inside) 0 access-list nonat
access-list nonat permit ip 200.0.0.0 255.0.0.0 any
This is primarily used for VPN traffic where you don't want to NAT it as it goes through, but is just as valid for any other traffic also.
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#1032129 for further details.
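An added example (not part of the original posts, and not Cisco code): a small Python audit that reads the nat 0 forms shown above from a saved config and lists which source networks leave each interface with their real addresses. The sample config and the function names are constructed for illustration, and as a simplifying assumption it ignores deny entries and the destination part of the access-list.

```python
import ipaddress

# Constructed sample config (not from the thread's firewall); it uses the
# nat 0 forms described in the answer above plus one ordinary NAT rule.
SAMPLE_CONFIG = """\
nat (inside) 0 200.0.0.0 255.0.0.0
nat (dmz) 0 access-list nonat
access-list nonat permit ip 10.1.0.0 255.255.0.0 any
nat (inside) 1 192.168.1.0 255.255.255.0
"""

def _net(addr, mask):
    # A bare "0" is the shorthand for 0.0.0.0, as in "nat (inside) 0 0 0".
    addr = "0.0.0.0" if addr == "0" else addr
    prefix = "0" if mask in ("0", "0.0.0.0") else mask
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def _acl_source(tok):
    # tok is the token list after "permit ip": any | host A | A MASK
    if tok[0] == "any":
        return _net("0", "0")
    if tok[0] == "host":
        return _net(tok[1], "255.255.255.255")
    return _net(tok[0], tok[1])

def untranslated_sources(config):
    """Map each interface to the source networks covered by nat 0."""
    acls, by_acl, result = {}, [], {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "nat" and tok[2] == "0":
            iface = tok[1].strip("()")
            if tok[3] == "access-list":
                by_acl.append((iface, tok[4]))
            else:
                result.setdefault(iface, []).append(_net(tok[3], tok[4]))
        elif len(tok) >= 5 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            acls.setdefault(tok[1], []).append(_acl_source(tok[4:]))
    # Resolve ACL references last: the nat line may precede its access-list.
    for iface, name in by_acl:
        result.setdefault(iface, []).extend(acls.get(name, []))
    return result

def is_untranslated(config, iface, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in untranslated_sources(config).get(iface, []))
```

A result of 0.0.0.0/0 for an interface means the broad "nat (inside) 0 0 0" form is in effect, so every host behind that interface is seen outside with its real address.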
10-31-2003 07:55 AM
Thank you for your post. Although that information is helpful, it's not exactly what I was looking for. I actually want to not use NAT. How would I do this?
Bill
10-31-2003 09:02 AM
Bill,
The PIX requires that you create translations across interfaces in order for traffic to pass. So, in essence, there is no option to not use NAT in some form. As Glenn pointed out though, you can configure the PIX to NAT the source address back to the same address as it passed from inside to outside. In practice, this gives you the same results as not NAT'ing the traffic on the PIX, as the outside hosts will see the original source address on this packet.
Clearer?
Scott
11-20-2003 03:48 PM
But if you are using the PIX in an extranet environment, you must NAT the global addresses you wish nodes outside of the pix to use (for inbound), correct?