try to understand NoNAT
05-25-2007 10:23 AM - edited 03-11-2019 03:20 AM
I have a PIX, and I want PCs on the outside interface to access a server (1.1.1.1) inside. I know I can use static (outside,inside) 1.1.1.1 1.1.1.1 and an ACL to allow it.
My question is: can I use NONAT + ACL to do it?
Thanks
Labels: NGFW Firewalls
05-25-2007 11:49 AM
With nonat the PIX will not answer the ARP requests sent for the outside IP address. With the static it will!
05-26-2007 05:00 AM
Hello,
If outside is accessing an inside server, then it should be:
1.1.1.1 = remote host IP address
2.2.2.2 = published IP address
3.3.3.3 = LAN server IP address
static (inside,outside) 2.2.2.2 3.3.3.3 netmask 255.255.255.255
access-list outside_inside permit ip host 1.1.1.1 host 2.2.2.2
access-group outside_inside in interface outside
and not static (outside,inside), unless you are planning to change the source address also.
Please correct me if I am wrong: nonat is used when you want IPsec traffic to pass through or you don't want any translation to happen on the IP addresses, e.g. VPN tunnels.
HTH, please rate it
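The two approaches discussed in this thread, side by side, as an added configuration sketch that is not taken from any of the posts above. It reuses the second reply's addressing (1.1.1.1 remote host, 2.2.2.2 published address, 3.3.3.3 inside server); the ACL names `nonat` and `outside_inside` and the interface names `inside`/`outside` are assumptions. Use one option or the other, not both.

```cisco
! ---- Option A: static translation (as in the reply above) ----
! The PIX publishes 2.2.2.2 on the outside and answers ARP for it.
static (inside,outside) 2.2.2.2 3.3.3.3 netmask 255.255.255.255
! Outside ACL references the published (translated) address.
access-list outside_inside permit ip host 1.1.1.1 host 2.2.2.2
access-group outside_inside in interface outside

! ---- Option B: NAT exemption ("nonat") plus ACL ----
! Traffic matching the nonat ACL bypasses translation, so the
! server is reached on its real address 3.3.3.3 from both sides.
access-list nonat permit ip host 3.3.3.3 host 1.1.1.1
nat (inside) 0 access-list nonat
! Outside ACL now references the real address, since nothing is translated.
access-list outside_inside permit ip host 1.1.1.1 host 3.3.3.3
access-group outside_inside in interface outside
! As the first reply notes, the PIX does not answer ARP for the
! server in this case, so the upstream device needs a route for
! 3.3.3.3 pointing at the PIX outside interface address.

! In either option, restricting the outside ACL to the protocol and
! port the server actually offers (instead of "permit ip") keeps the
! exposure to the one service that is meant to be reachable.
```

After applying either option, `show xlate` and `show access-list outside_inside` (hit counters) confirm whether the expected translation or exemption and the ACL entry are actually being matched.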
