Re: NAT 0

pattyj · ‎12-01-2004

Will NAT 0 allow a specific inside address make an outbound connection with no other configuration or do you have to combine its use with a nat (inside) 1 / global (outside) 1 pair?

NAT 0 10.2.2.10 for example.

Thanks.

Jon

gfullage · ‎12-01-2004

With "nat 0" the inside host will be able to make an outside connection with no other configuration. Keep in mind that the host address will be untranslated though, so be careful with using it on private IP addresses.

pattyj · ‎12-01-2004

Can you specify nat 0 with a subnet as opposed to an individual host? I'm using a PIX to separate a production from a QA network.

sachinraja · ‎12-01-2004

hello patty,

it depends on the access-list that you configure to bind on the NAT 0. you can either allow a host or a subnet with NAT 0.. you can also specify a specific destination and port if you want.. example:

nat (inside) 0 access-list nonat

access-list nonat permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list nonat permit ip host 192.168.200.0 host 10.2.2.1

any traffic from 192.168.100.0/24 to 10.1.1.0/24 will not be natted in the above case..

hope this helps.. all the best..

Raj

gfullage · ‎12-01-2004

Sure you can. You can even do:

nat (inside) 0 0 0

to allow everything through without being NAT'd.

pattyj · ‎12-02-2004

Thanks everyone for the replies. This clears it up for me. Jon