PIX V7 enable traffic without address translation

Unanswered Question
Jun 5th, 2008
User Badges:


We have a PIX 525 with a big configuration, and i would like to enable the option traffic trough the firewall without address translation. We use already translation, so i just want to know if it modifies something in the current configuration or if it's for the new modification. what is the goal of this option ?

thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Thu, 06/05/2008 - 12:26
User Badges:
  • Red, 2250 points or more

Hello Yann, it will not modify any configuration directly. But please remember the NAT order of operation:


So lets say you have a rule now to translate when going to outside (Internet). Now you add a rule that matches the same flow with a

nat (inside) 0 access-list nonat

This will have preference over the previous commands as NAT Exemption (nat 0 ACL) has highest priority. So just be careful about this.




This Discussion