12-06-2001 06:11 AM - edited 03-08-2019 09:20 PM
How do I allow all outside addresses NOT to be translated to inside on a PIX520?
I do not want addresses to be translated at all.
Each should appear on the inside as it is on the outside.
I only want to restrict access by ports using access-lists.
Reason:I use the PIX within the intranet, to have a secured server area (outside) from the rest of the intranet (inside).
12-06-2001 08:52 AM
Configure NAT not to perform address translation and setup your static translations with both addresses as your outside IP addresses. This allows communications through the PIX without translations.
'nat (inside) 0 0 0 for outbound traffic
'static (inside,outside)
12-07-2001 06:40 AM
The statement about NAT works outbound, no problem.
I do not exactly understand what you mean with the statement about the static statement.
Do I have to define a static statement for every single address to be accessed on the inside?
Or can I use only ONE statement for all (similar to the NAT-statement for the outbound traffic).
I have RFC1918-addresses on the inside and on the outside (because to the real outside, the Internet, we do not use PIX at all), so what do you mean by " as your outside IP addresses"?
Can you give me an example, how the static statement should look like, in order that a (PIX)outside server(RFC1918) should access through the (PIX)inside network(RFC1918) any address in the Internet (at that border is a totally different checkpoint-1 firewall, by the way)?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide