
try to understand NoNAT

femalwolf
Level 1

I have a PIX, and I want PCs from the outside interface to access a server (1.1.1.1) inside. I know I can use static (outside,inside) 1.1.1.1 1.1.1.1 and an ACL to allow it.

My question is: can I use NONAT + ACL to do it?

Thanks

2 Replies

guibarati
Level 4

With nonat the PIX will not answer for the "ARP requests" sent for the outside IP address. With the static it will!

zulqurnain
Level 3

Hello,

For outside accessing an inside server, it should be:

1.1.1.1 = remote host ip address

2.2.2.2 = published ip address

3.3.3.3 = LAN server ip address

static (inside,outside) 2.2.2.2 3.3.3.3 netmask 255.255.255.255

access-list outside_inside permit ip host 1.1.1.1 host 2.2.2.2

and not static (outside,inside), unless you are planning to change the source address also.

Please correct me if I am wrong: nonat is used when you want IPsec traffic to pass through or you don't want any translation to happen on the IP addresses, e.g. VPN tunnels.

HTH, please rate it
