04-01-2007 09:06 AM - edited 03-05-2019 03:14 PM
Hi, I want traffic to be initiated from the inside and dmz without translation. I understand I can accomplish this by doing a transparent translation like:
static(inside, dmz) inside address, inside address netmask...
However, if I was to use a nat0 access list such as...
nat (inside) 0 access-list noNatInside
access list noNatInside permit inside address to dmz address
do I also need...
nat (dmz) 0 access-list noNatDMZ
access list noNatInside permit dmz address to inside address
Or is the nat0 access list noNatInside bidirectional, in that it will allow the reverse reading, i.e. dmz-to-inside initiated traffic, provided the ACL exists to permit the traffic, of course?
Thanks in advance
hermo
04-01-2007 10:06 AM
Hi
Is this a PIX firewall?
You can turn off NAT altogether with v7.0 for the Pix or ASA.
But assuming you don't want to turn off NAT, or you can't because you are running an earlier version of code, if you want traffic to be initiated from the DMZ to the inside you will need the static statement.
If traffic was only ever initiated from inside to the DMZ you would be fine with your "nat (inside) 0 access-list NoNatinside" statement.
HTH
Jon
04-01-2007 01:14 PM
Yes, it's a PIX firewall running version 6.3.
Thanks for the answer. I will go with the static statement. Regards