
How to bypass nat on lan

Lharrypersaud
Level 1

I have a PIX 515 running version 634 with four interfaces, for example, outside, inside, dmz and lab. I need to be able to connect to devices that are located on both the dmz and lab from inside. I also need to connect to devices that are located on the dmz from lab. The lab has a higher security than the dmz. I am also using remote access VPN. I would really appreciate it if someone can help me with this as I have been working on it for a few days now.

2 Replies

srue
Level 7

example for single host:

static (inside,outside) 10.1.1.1 10.1.1.1

example for subnet:

static (inside,outside) 10.1.1.0 10.1.1.0

you will also need to use nat zero:

access-list acl_name permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

nat (inside) 0 access-list acl_name

acl_name defines source/destination IP pairs that you don't want NAT'ed. So this ACL would read: when a host on subnet 192.168.1.0/24 attempts to contact a host on the 10.1.1.0 subnet, do not NAT the 192.168.1.x address.
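
The NAT exemption described in the reply above, applied to the three flows in the question (inside to dmz, inside to lab, lab to dmz). This is an added example, not part of the original posts. The ACL names and the lab subnet 10.2.2.0/24 are assumptions, as is mapping the reply's 192.168.1.0/24 to inside and 10.1.1.0/24 to dmz.

```cisco
! Assumed addressing (constructed for this example):
!   inside 192.168.1.0/24   (highest security level)
!   lab    10.2.2.0/24      (higher security level than dmz)
!   dmz    10.1.1.0/24
!
! inside -> dmz and inside -> lab: keep the inside source address untranslated.
! One entry per source/destination pair; avoid "any" so that traffic to the
! outside interface is still translated by the existing nat/global rules.
access-list nonat_inside permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nonat_inside permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat_inside
!
! lab -> dmz: same exemption, applied on the lab interface.
access-list nonat_lab permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (lab) 0 access-list nonat_lab
!
! Flush existing translations so the new NAT rules take effect,
! then confirm that no translation is built for the exempted pairs.
clear xlate
show nat
show xlate
```

NAT exemption only controls address translation. Connections initiated from a lower-security interface toward a higher one (dmz to lab, or lab to inside) still have to be permitted by an access list applied to that interface with access-group. If a nat 0 access list is already bound to inside for the remote access VPN, add the new entries to that ACL rather than creating a second one.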

Lharrypersaud
Level 1

I will try that.

Thank you.
