PIX V7 enable traffic without address translation

Unanswered Question
Jun 5th, 2008

Hello,

We have a PIX 525 with a big configuration, and I would like to enable the option "traffic through the firewall without address translation". We already use translation, so I just want to know whether it modifies something in the current configuration or whether it's for the new modification. What is the goal of this option?

thank you

Farrukh Haroon Thu, 06/05/2008 - 12:26

Hello Yann, it will not modify any configuration directly. But please remember the NAT order of operation:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042696

So let's say you have a rule now to translate 192.168.1.0/24 when going to outside (Internet). Now you add a rule that matches the same flow with a

nat (inside) 0 access-list nonat

This will take precedence over the previous commands, as NAT Exemption (nat 0 ACL) has the highest priority. So just be careful about this.

Regards

Farrukh
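A pre-change check for the overlap described in the reply above, added here as an example and not part of the original thread: it lists every `nat 0` ACL entry whose source overlaps an existing dynamic `nat` rule on the same interface, and flags entries whose destination is `any`. The sample configuration, its addresses and the function names are constructed for illustration, and the parser assumes only the simple `permit ip` and `nat (if) N net mask` forms shown.

```python
import ipaddress
import re

# Constructed sample config; addresses and the ACL name "nonat" are illustrative.
SAMPLE = """\
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 172.16.0.0 255.255.0.0
global (outside) 1 interface
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat extended permit ip 172.16.5.0 255.255.255.0 any
nat (inside) 0 access-list nonat
"""

def take_net(tokens):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def exemption_overlaps(config):
    """Return (acl_line, overridden_nat_line, dest_is_any) for each nat 0 ACL
    entry whose source overlaps a dynamic NAT rule on the same interface."""
    acls, dynamic, exempt = {}, [], []
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"access-list (\S+) extended permit ip (.+)", line):
            toks = m.group(2).split()
            acls.setdefault(m.group(1), []).append((line, take_net(toks), take_net(toks)))
        elif m := re.match(r"nat \((\S+)\) 0 access-list (\S+)", line):
            exempt.append((m.group(1), m.group(2)))
        elif m := re.match(r"nat \((\S+)\) [1-9]\d* ([\d.]+) ([\d.]+)", line):
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dynamic.append((line, m.group(1), net))
    findings = []
    for ifc, name in exempt:
        for acl_line, src, dst in acls.get(name, []):
            for nat_line, nat_ifc, net in dynamic:
                if nat_ifc == ifc and src.overlaps(net):
                    findings.append((acl_line, nat_line, dst.prefixlen == 0))
    return findings

if __name__ == "__main__":
    for acl_line, nat_line, to_any in exemption_overlaps(SAMPLE):
        note = "  <-- exempts ALL destinations" if to_any else ""
        print(f"{acl_line}\n    overrides: {nat_line}{note}")
```

An entry flagged with destination `any` means that source would leave untranslated towards every destination, Internet included, so the exemption ACL should normally name specific destination networks.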
