avoid NAT

Answered Question
Feb 22nd, 2009


We are using a PIX 525 (version 7.2(3)).

When I configure RDP access (for example) from inside to a computer in the DMZ, I configure the access rule (in the security policy), then I MUST configure a NAT rule that keeps my IP unchanged between inside and DMZ:

static (inside,DMZ-WEB) IT_VLAN IT_VLAN netmask

Is it possible to bypass this NAT rule?

In other words: is it possible to say to PIX: if you find a NAT rule, then use it. And if you don't find a NAT rule then just route the packet and don't ask for a NAT rule like above?

I found a command called no nat-control. I am not sure this is the solution. I tried it but it did not work!

Any help?

