Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
784
Views
0
Helpful
3
Replies

Pix question

mikedurbin
Level 1
Level 1

‎03-05-2009 07:15 PM

If I have a pix 501, and I have both a nat 1 statement and a global 1 statement, but I also have a "static (inside,outside) 10.10.10.0 10.10.10.0" command, does this static statement make it do a No NAT situation, if my internal network of the pix is a 10.10.10.0 network?

Labels:
0 Helpful
3 Replies 3

andrew.prince
Level 10
Level 10

‎03-06-2009 12:52 AM

Yes - you are bascially saying from the inside to the outside do not nat - and present all packets to the outside as 10.10.10.x

HTH>

0 Helpful

adamclarkuk_2
Level 4
Level 4

‎03-06-2009 05:06 AM

Hi

It sounds like you are using an old code or have nat-control enabled where NAT must happen for traffic to traverse higher security interfaces to lower security interfaces. The static statement is doing NAT but is NAT'ing the source IP address to the same source IP address when traffic flows from inside to outside. If you look in the xlate table (show xlate), you will see entries for any of the flows matching that static statement.

Version 7 introduced the nat-control command so you could turn off the need for NAT.

hxxp://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

0 Helpful

brandon_leiker
Level 1
Level 1
In response to adamclarkuk_2

‎03-12-2009 11:57 AM

The PIX 501 supports Version 6.35 as the lastest version; it doesn't have the memory requiremetns to support the version 7 code.

0 Helpful
Customers Also Viewed These Support Documents