try to understand NoNAT

May 25th, 2007

I have a PIX, and I want PCs on the outside interface to access a server (1.1.1.1) inside. I know I can use static (outside,inside) 1.1.1.1 1.1.1.1 and an ACL to allow it.

My question is: can I use NONAT + ACL to do it?


Thanks

guibarati Fri, 05/25/2007 - 11:49

With nonat the PIX will not answer for the ARP requests sent for the outside IP address. With the static it will!

zulqurnain Sat, 05/26/2007 - 05:00

Hello,

If outside is accessing an inside server, then it should be:

1.1.1.1 = remote host IP address
2.2.2.2 = published IP address
3.3.3.3 = LAN server IP address

static (inside,outside) 2.2.2.2 3.3.3.3 netmask 255.255.255.255
access-list outside_inside permit ip host 1.1.1.1 host 2.2.2.2

and not static (outside,inside), unless you are planning to change the source address also.

Please correct me if I am wrong: nonat is used when you want IPsec traffic to pass through or you don't want any translation to happen on the IP addresses, e.g. VPN tunnels.


HTH, please rate it
