02-20-2008 05:36 AM - edited 03-11-2019 05:05 AM
Used the ASDM to create a startup config.
Since we are not using NAT, do I have to create a route from the Outside interface to the Inside interface?
02-20-2008 07:36 AM
What are your security-levels set to? If they are different, you will still need NAT.
nat (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
If they are the same, try
same-security-traffic permit inter-interface
HTH
02-20-2008 07:45 AM
Thanks! I will give a look.
Outside is Sec Lev 0 and Inside is Sec Lev 100
02-20-2008 07:59 AM
I have the following commands:
static (Inside,Outside) host1 host1 netmask 255.255.255.255
...
static (Inside,Outside) hostn hostn netmask 255.255.255.255
I saw a note about "no nat-control", I know I don't have it in the config.
02-20-2008 08:11 AM
I'm new to NAT-Control, but it sounds like it would work since you have public addresses on the inside. Let us know how it works if you choose to use it.
PIX 7.0 introduces the nat-control command. You can use the nat-control command in configuration mode in order to specify if NAT is required for outside communications. With NAT control enabled, configuration of NAT rules is required in order to allow outbound traffic, as is the case with previous versions of PIX software. If NAT control is disabled (no nat-control), inside hosts can communicate with outside networks without the configuration of a NAT rule. However, if you have inside hosts that do not have public addresses, you still need to configure NAT for those hosts.
02-20-2008 08:14 AM
Thanks I am reading up on it now.
02-20-2008 07:38 AM
Please refer to the URL below for configuration details:
PIX/ASA 7.x: Enable/Disable Communication Between Interfaces
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml#Same
Regards,
Arul
** Please rate all helpful posts **
02-20-2008 07:50 AM
In version 6.x code, you will need this:
static (i,o) inside_net inside_net netmask /x
In PIX version 7.x code, the default is "no nat-control". In other words, the PIX will route traffic just like a router out of the box.
However, an ACL is still needed to go from low to high.
CCIE security
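Added example, not part of any post in this thread and not Cisco's code: a small Python check of the settings the replies above turn on (nat-control, interface security levels, identity statics, and the inbound ACL needed from low to high). The sample config is constructed with documentation addresses, and the script assumes that a disabled nat-control simply has no `nat-control` line in the running config.

```python
import re
from itertools import permutations

# Constructed ASA 7.x style config (documentation addresses, not from the thread).
# The ACL is defined but never bound to the interface with access-group.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 198.51.100.1 255.255.255.0
!
static (Inside,Outside) 198.51.100.10 198.51.100.10 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 198.51.100.10 eq www
"""

def audit(config):
    """Report nat-control state, security levels and blocked interface pairs."""
    levels, acl_in, name = {}, set(), None
    nat_control = same_sec = False
    identity_statics = 0
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None                      # new interface block
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1).lower()
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif line == "nat-control":          # assumption: absent line means disabled
            nat_control = True
        elif line == "same-security-traffic permit inter-interface":
            same_sec = True
        elif m := re.fullmatch(r"access-group \S+ in interface (\S+)", line):
            acl_in.add(m.group(1).lower())
        elif m := re.match(r"static \(\S+,\S+\) (\S+) (\S+) netmask ", line):
            identity_statics += m.group(1) == m.group(2)  # mapped == real address
    blocked = []
    for src, dst in permutations(sorted(levels), 2):
        if levels[src] < levels[dst] and src not in acl_in:
            blocked.append((src, dst, "no inbound access-group on source interface"))
        elif levels[src] == levels[dst] and not same_sec:
            blocked.append((src, dst, "same-security-traffic not permitted"))
    return {"nat_control": nat_control, "levels": levels,
            "identity_statics": identity_statics, "blocked": blocked}
```

On the sample it reports Outside to Inside as blocked because the ACL exists but no `access-group` applies it to the Outside interface.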
02-20-2008 07:57 AM
I saw this command this morning. I will give it a try.
02-20-2008 07:53 AM
I have read this. It seems to assume that I am using NAT to hide private IP addresses.
I am trying to pass Public IP to Public IP traffic.
02-20-2008 08:24 AM
Yes, the pix, by default, will do that for you due to the default, no nat-control, if that's what you're asking.
02-20-2008 10:08 AM
Okay. Now this is getting good. I telneted to the ASA. conf t'ed the "no nat-control". Then I sho run and no "no nat-control" entry. Is it me or something very simple is being made very hard? There are static (inside,outside) commands from before. Should those be deleted?
02-20-2008 10:29 AM
Okay. Now this is getting good. I telneted to the ASA. conf t'ed the "no nat-control". Then I sho run and no "no nat-control" entry. Is it me or something very simple is being made very hard? There are static (inside,outside) commands from before. Should those be deleted?
02-20-2008 10:30 AM
Weird if I refresh the page it reposts the reply.