PIX V7 enable traffic without address translation

Unanswered Question
Jun 5th, 2008

Hello,


We have a PIX 525 with a big configuration, and I would like to enable the option "traffic through the firewall without address translation". We already use translation, so I just want to know if it modifies something in the current configuration or if it's for new modifications. What is the goal of this option?


thank you

Farrukh Haroon Thu, 06/05/2008 - 12:26

Hello Yann, it will not modify any configuration directly. But please remember the NAT order of operation:


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042696


So let's say you have a rule now to translate 192.168.1.0/24 when going to outside (Internet). Now you add a rule that matches the same flow with a


nat (inside) 0 access-list nonat


This will have preference over the previous commands, as NAT Exemption (nat 0 ACL) has the highest priority. So just be careful about this.


Regards


Farrukh
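
The precedence described in the reply above, as an added example that is not part of the original thread or any Cisco tooling: a small Python check that reports which existing dynamic NAT rules a `nat 0 access-list` entry would override. The sample configuration, the 10.20.0.0/16 destination and the function names are constructed for illustration, and only a simplified subset of PIX 7.x syntax is parsed (static and policy NAT are not modeled).

```python
import ipaddress

# Constructed sample config (not from the thread): an existing dynamic NAT
# rule plus a NAT exemption rule of the kind discussed in the reply.
SAMPLE_CONFIG = """\
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (inside) 0 access-list nonat
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    """Return (exempt_pairs, dynamic_rules) for the simplified syntax above."""
    acls, exempt_acls, dynamic = {}, [], []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"] and len(t) == 9:
            acls.setdefault(t[1], []).append((net(t[5], t[6]), net(t[7], t[8])))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"] and len(t) == 5:
            exempt_acls.append(t[4])          # NAT exemption references an ACL
        elif t[:1] == ["nat"] and len(t) == 5 and t[2] != "0":
            dynamic.append((t[2], net(t[3], t[4])))   # regular dynamic NAT
    exempt = [pair for name in exempt_acls for pair in acls.get(name, [])]
    return exempt, dynamic

def decide(config, src, dst):
    """Which rule handles src -> dst; NAT exemption is evaluated first."""
    exempt, dynamic = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in sn and d in dn for sn, dn in exempt):
        return "exempt"
    # Assumption of this model: regular NAT picks the most specific source match.
    hits = [(n.prefixlen, nat_id) for nat_id, n in dynamic if s in n]
    return f"dynamic nat {max(hits)[1]}" if hits else "no nat rule"

def shadowed(config):
    """Dynamic NAT rules whose source overlaps a NAT exemption entry."""
    exempt, dynamic = parse(config)
    return [(nat_id, str(n), str(dn)) for nat_id, n in dynamic
            for sn, dn in exempt if n.overlaps(sn)]

if __name__ == "__main__":
    for nat_id, source, dest in shadowed(SAMPLE_CONFIG):
        print(f"nat id {nat_id}: {source} is no longer translated toward {dest}")
```

Running `shadowed()` against a candidate configuration before applying it shows which flows will leave the firewall with their real source addresses, which is the reason to keep the exemption ACL as narrow as possible.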


