09-19-2007 02:59 PM - edited 03-11-2019 04:13 AM
I just loaded 7.2.3 code on my PIX515E and I'm seeing something very weird. My traffic from outside to inside works without any NAT or Static configuration in the PIX. I have an access list applied on the outside interface to permit traffic from outside to inside host but no NAT or STATIC configuration. I haven't dealt with 7.x code much and don't know if I'm missing something here. I ran this by a couple of my peers and they are at a loss too.
PIX inside int: 192.168.1.1/24
PIX outside int: 172.16.1.1/24
Outside host: 172.16.1.3
Inside host: 192.168.1.3
PIX515E# show run access-group
access-group acl_outside in interface outside
PIX515E# show run access-list acl_outside
access-list acl_outside extended permit icmp host R1 host R2
access-list acl_outside extended permit ip any any
PIX515E# show xlate
0 in use, 0 most used
PIX515E# show conn
0 in use, 4 most used
After initiating telnet from outside host to inside:
PIX515E# show conn
1 in use, 4 most used
TCP out R1:49491 in R2:23 idle 0:00:04 bytes 117 flags UIOB
PIX515E# show run name
name 172.16.1.3 R1
name 192.168.1.3 R2
PIX515E# show xlate
0 in use, 0 most used
PIX515E# show nat
TIA
Sundar
09-19-2007 09:52 PM
PIX 7.0 introduces the nat-control command. You can use the nat-control command in configuration mode in order to specify if NAT is required for outside communications. With NAT control enabled, configuration of NAT rules is required in order to allow outbound traffic, as is the case with previous versions of PIX software. If NAT control is disabled (no nat-control), inside hosts can communicate with outside networks without the configuration of a NAT rule. However, if you have inside hosts that do not have public addresses, you still need to configure NAT for those hosts.
09-20-2007 01:15 PM
That was it.
Thanks :)