How to bypass nat on lan

Apr 10th, 2007

I have a PIX 515 running version 634 with four interfaces, for example, outside, inside, dmz and lab. I need to be able to connect to devices that are located on both the dmz and lab from inside. I also need to connect to devices that are located on the dmz from lab. The lab has a higher security than the dmz. I am also using remote access VPN. I would really appreciate it if someone can help me with this as I have been working on it for a few days now.

srue Tue, 04/10/2007 - 12:27

example for single host:

static (inside,outside)

example for subnet:

static (inside,outside)

you will also need to use nat zero:

access-list acl_name permit ip

nat (inside) 0 access-list acl_name

acl_name defines source/destination ip pairs that you don't want nat'ed. so this acl would read - when a host on subnet attempts to contact a host on subnet, do not NAT the 192.168.1.x address.
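
The nat zero approach from the reply above, filled in for the interfaces named in the question, as an added example that is not part of the original thread. The subnets and ACL names are constructed assumptions; the command forms are the ones the reply uses.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   inside 192.168.1.0/24, lab 192.168.2.0/24, dmz 192.168.3.0/24

! inside -> dmz and inside -> lab: leave the inside source address untranslated
access-list inside_nonat permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list inside_nonat

! lab -> dmz: the same exemption, applied on the lab interface
access-list lab_nonat permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (lab) 0 access-list lab_nonat
```

The exemption ACL only selects which source/destination pairs skip translation; access lists bound to an interface with access-group still decide what traffic is permitted, so keep each exemption entry to the specific subnet pairs that need it.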

