Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
336
Views
0
Helpful
3
Replies

Co-existaece of NAT and NAT-Bypass in PIX515E

abipu
Level 1
Level 1

‎06-24-2005 11:17 AM - edited ‎03-09-2019 11:40 AM

Hi, I want my PIX to be configured to support NAT for inside network and NAT Bypass for both dmz1 and dmz2. IOS Ver is 6.3. I need immediate feedback if this is possible at all and how?

Labels:
0 Helpful
3 Replies 3

mostiguy
Level 6
Level 6

‎06-24-2005 01:07 PM

Sure. Nat everything from the inside out, but have a nat 0 access list for the inside to exclude traffic from it to both dmzs, for purpose of NATing.

0 Helpful

abipu
Level 1
Level 1
In response to mostiguy

‎06-25-2005 01:12 AM

Thanks. Could you please explore exactly how to do that? A sample configuration is much preferable.

0 Helpful

johansens
Level 4
Level 4
In response to abipu

‎06-25-2005 09:18 AM

like this:

global (outside) 1 interface

nat (inside) 0 access-list no.nat.from.inside

nat (inside) 1 0.0.0.0 0.0.0.0

access-list no.nat.from.inside extended permit any a.b.c.d 255.255.255.0

access-list no.nat.from.inside extended permit any e.f.g.h 255.255.255.0

Where a.b.c.d (dmz1) and e.f.g.h (dmz2) is your DMZs (and set the correct netmask in the access-list) (you could also replace the "any" with more specific net/mask, as well as the "0.0.0.0 0.0.0.0" in the nat-statement).

0 Helpful
Customers Also Viewed These Support Documents