Re: Multiple NAT 0 on 6 Interface

zeremy · ‎01-29-2002

Hi,

Need some help with multiple NAT 0 on all interface on the PIX.

What I understand is that the following lines will turn off NAT between the source and destination

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0

nat (inside) 0 access-list 101

Since I'm dealing with 6 interfaces altogether, I need to figure out how to:

- allow hosts from a lower security level to be able to access servers at a higher security level

- vice versa

- allow pinging on all interface for troubleshooting aid.

This PIX deployment scenario is quite complicated to me since I've never done it before.

Many thanks for any help.

Regards,

Zeremy

rrbleeker · ‎02-01-2002

Zeremy,

With all due respect, but if you haven't worked with the PIX firewalls before, you might want to obtain some assistance from an experienced consultant. A firewall with 6 interfaces and that require communications between each other is indeed complicated and prone to errors. Your firewall is too important to be used as a 'learn on the spot' device.

I am sure that there are experienced consultants near your area or you could contact Cisco to obtain a recommendation.

zeremy · ‎02-01-2002

I totally agree with you,

We're in the process of getting additional help from experienced consultants.

Thank you for the advice.