My PC is hanging off of PIX-A and has an IP address of 10.10.11.2 and I'm pinging 10.10.10.2 (PC off of PIX-B).
Here is my confusion.....
When I use the below command in PIX-A my pings does NOT work.
access-list nonat permit host 10.10.11.2
nat (inside) 0 access-list nonat
But when I use the below commands my pings gets through.
access-list nonat permit host 10.10.10.2
nat (inside) 0 access-list nonat
Please explain to me the correct way I should be thinking about the NONAT command. I thought the nonat command worked like this....if locally I have a PC (10.10.11.2) on the inside interface and I did not want the PIX to nat that address my access-list would specify the IP address that is not to be nat'ed "access-list nonat permit host 10.10.11.2". Let me say it another way, I thought the access list should specify what local addresses I did not want nated NOT the destination address Im trying to get to.
Any input would be a big help.
Thanks in advance.