
Can someone explain how NO NAT is secure?

chris.mcpeak
Level 1

Can someone either explain the concept of a NO NAT config in a PIX 506 or supply me w/ a good configuration example? I don't see how this can be a secure method. If I had an Access-List 101 I would have to permit 0.0.0.0 ---> the same public address. Also, wouldn't I need a static mapping from public address ----> to ----> public address? Does NO NAT confuse anyone else out there?

1 Reply

acomiskey
Level 10

Are you talking about something like this?

access-list 101 permit ip 192.168.1.1 255.255.255.0 172.16.0.0 255.255.255.0

nat (inside) 0 access-list 101

This is typically done to exempt traffic from NAT for use with remote access or LAN-to-LAN VPN tunnels. Traffic defined in the ACL would be exempted from NAT even if you had something like...

global (outside) 1 interface

nat (inside) 1 0 0

...because NAT exemption is first in the NAT order of operations. Not sure about the second part of your question.
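
The rule ordering described in the reply above, as an added example that is not part of the original post or Cisco's code: a small Python model of only the two rule types shown (`nat 0 access-list 101`, then `nat 1 0 0` with `global 1 interface`). The outside interface address and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed model of the reply's config, not PIX code.
# access-list 101 permit ip 192.168.1.1 255.255.255.0 172.16.0.0 255.255.255.0
EXEMPT_ACL = [("192.168.1.1/255.255.255.0", "172.16.0.0/255.255.255.0")]
# nat (inside) 1 0 0 matches any inside source;
# global (outside) 1 interface translates it to the outside interface address.
DYNAMIC_NAT_SOURCES = ["0.0.0.0/0"]
OUTSIDE_IF_ADDR = "203.0.113.10"  # assumed documentation address


def _net(spec):
    # strict=False masks host bits, so 192.168.1.1/24 is read as 192.168.1.0/24
    return ipaddress.ip_network(spec, strict=False)


def translate(src, dst):
    """Return (matched_rule, source_address_seen_outside) for an outbound packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. NAT exemption is checked first and needs BOTH source and
    #    destination to match the ACL entry.
    for acl_src, acl_dst in EXEMPT_ACL:
        if s in _net(acl_src) and d in _net(acl_dst):
            return ("nat 0 exempt", src)
    # 2. Everything else falls through to the dynamic PAT rule.
    for nat_src in DYNAMIC_NAT_SOURCES:
        if s in _net(nat_src):
            return ("nat 1 PAT", OUTSIDE_IF_ADDR)
    return ("no translation rule", None)


if __name__ == "__main__":
    # Constructed sample packets: (inside source, destination)
    samples = [
        ("192.168.1.50", "172.16.0.20"),   # VPN peer subnet: exempt
        ("192.168.1.50", "198.51.100.7"),  # Internet host: PAT
        ("192.168.2.5", "172.16.0.20"),    # source outside ACL: PAT
    ]
    for src, dst in samples:
        rule, seen_as = translate(src, dst)
        print(f"{src} -> {dst}: {rule}, source seen as {seen_as}")
```

Only the source/destination pair named in ACL 101 keeps its real address; the same host talking to any other destination is still translated.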