
How to allow all outside addresses NOT to be translated to inside on PIX520

chrrbc
Level 1

How do I allow all outside addresses NOT to be translated to inside on a PIX520?

I do not want addresses to be translated at all.

Each should appear on the inside as it is on the outside.

I only want to restrict access by ports using access-lists.

Reason: I use the PIX within the intranet, to have a secured server area (outside) from the rest of the intranet (inside).

2 Replies

rrbleeker
Level 1

Configure NAT not to perform address translation and set up your static translations with both addresses as your outside IP addresses. This allows communications through the PIX without translations.

'nat (inside) 0 0 0' for outbound traffic

'static (inside,outside) ' for inbound traffic

The statement about NAT works outbound, no problem.

I do not exactly understand what you mean with the statement about the static statement.

Do I have to define a static statement for every single address to be accessed on the inside?

Or can I use only ONE statement for all (similar to the NAT-statement for the outbound traffic).

I have RFC1918 addresses on the inside and on the outside (because toward the real outside, the Internet, we do not use a PIX at all), so what do you mean by "as your outside IP addresses"?

Can you give me an example of what the static statement should look like, so that a (PIX) outside server (RFC1918) can access, through the (PIX) inside network (RFC1918), any address on the Internet (at that border there is a totally different checkpoint-1 firewall, by the way)?
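
The two-part approach from the first reply, written out as a configuration fragment. This is an added example, not part of the original thread: the addresses and the access-list name are constructed placeholders, and it assumes a PIX software release that supports the access-list and access-group commands.

```cisco
! Constructed example values (placeholders, not from the thread):
!   10.1.0.0/16 = network behind the PIX "inside" interface
!   10.2.0.10   = one server on the PIX "outside" segment

! Outbound (inside -> outside): NAT 0 turns translation off for
! every inside host, so each appears outside with its own address.
nat (inside) 0 0 0

! Inbound (outside -> inside): a single identity "net static" maps
! the whole inside range to itself. Global and local addresses are
! the same, so one statement covers every host in the range and no
! per-host static is needed.
static (inside,outside) 10.1.0.0 10.1.0.0 netmask 255.255.0.0

! The static only makes the inside addresses reachable. What may
! actually enter from the outside interface is decided by the
! access-list bound to it. PIX access-lists take network masks,
! not wildcard masks.
access-list from_servers permit tcp host 10.2.0.10 10.1.0.0 255.255.0.0 eq 25
access-list from_servers deny ip any any
access-group from_servers in interface outside
```

The identity static here only covers destinations inside the placeholder range; it does not by itself handle destinations beyond the inside network, such as the Internet-bound case asked about above.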