Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
2
Replies

nat statements to be changed or not

ponparthi
Level 1
Level 1

‎02-24-2005 05:46 AM - edited ‎03-09-2019 10:26 AM

Hi Everybody

We hve 4 zones in pix, viz OUTSIDE, REMOTEZONE, INSIDE.

Iam pasting the config of my pix. I do not want to nat my ips when i communicate from inside to dmz and inside to remotezone, like wise no natting is required when communicating from remotezone to inside and dmz, like wise from dmz to inside. i have used nat 0 statments in combination with nat 1 statements. All my requirment is getting full filled with the exisiting config. But is there any other suggestions to fine tune or alter the config in better way. config is in the attachment

Thanks in advance

Parthiban

Labels:
Preview file
18 KB
0 Helpful
2 Replies 2

b.hsu
Level 5
Level 5

‎03-02-2005 10:15 AM

Please refer the following links for usage of NAT in PIX.

http://www.cisco.com/warp/public/471/pix_router_dyn.pdf

http://www.cisco.com/warp/public/110/39.pdf

0 Helpful

dbellaze
Level 4
Level 4

‎03-02-2005 02:28 PM

Instead of using nat 0 you can do static's to the same IP range.

For example let's say you have the following addressing.

DMZ 192.168.1.0/24

Inside 10.0.0.0/24

This static allows the 10.0.0.0 network to remain the same when accessing the DMZ.

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

You could also do it vice versa for the DMZ to the Inside just remember that the extra element of an ACL will have to be applied on the DMZ interface allowing the traffic from the DMZ to the Inside.

Daniel

0 Helpful
Customers Also Viewed These Support Documents