Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
1
Replies

PIX V7 enable traffic without address translation

yann.boulet
Level 1
Level 1

‎06-05-2008 12:20 PM - edited ‎03-11-2019 05:55 AM

Hello,

We have a PIX 525 with a big configuration, and i would like to enable the option traffic trough the firewall without address translation. We use already translation, so i just want to know if it modifies something in the current configuration or if it's for the new modification. what is the goal of this option ?

thank you

Labels:
0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-05-2008 12:26 PM

Hello Yann, it will not modify any configuration directly. But please remember the NAT order of operation:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042696

So lets say you have a rule now to translate 192.168.1.0/24 when going to outside (Internet). Now you add a rule that matches the same flow with a

nat (inside) 0 access-list nonat

This will have preference over the previous commands as NAT Exemption (nat 0 ACL) has highest priority. So just be careful about this.

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card