05-25-2007 10:23 AM - edited 03-11-2019 03:20 AM
I have a PIX, I want PCs from outside interface to access a server(1.1.1.1) inside. I know I can use static (outside,inside) 1.1.1.1 1.1.1.1 and a ACL to allow.
My question is: can I use NONAT + ACL to do it ?
Thanks
05-25-2007 11:49 AM
With nonat the Pix will not answare for the "arp requests" sent for the outside IP address. With the static it will!
05-26-2007 05:00 AM
hello,
outside accessing inside server then it should be
1.1.1.1 = remote host ip address
2.2.2.2 = published ip address
3.3.3.3 = LAN server ip address
static (inside,outside) 2.2.2.2 3.3.3.3 netmask 255.255.255.255
access-list outside_inside permit ip host 1.1.1.1 2.2.2.2
and not static (outside,inside) unless you are planning you change the soure address also
please correct me if i am wrong nonat is used when you want IPSEC traffic to pass through or you don't want any translation to happen on the ip addresses. e.g. VPN tunnels.
HTH, please rate it
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide