We are using a PIX 525 (version 7.2(3)).
When I configure RDP access (for example) from inside to a computer in the DMZ, I configure the access rule (in the security policy), then I MUST configure a NAT rule that keeps my IP unchanged between inside and DMZ:
static (inside,DMZ-WEB) IT_VLAN IT_VLAN netmask 255.255.0.0
Is it possible to bypass this NAT rule?
In other words: is it possible to tell the PIX: if you find a NAT rule, then use it, and if you don't find a NAT rule, then just route the packet and don't ask for a NAT rule like the one above?
I found a command called no nat-control. I am not sure this is the solution. I tried it but it did not work!
The no nat-control command globally enforces NAT or disables it.
To answer your question: no. If you assume that everything going through the firewall will be NATted, then the only thing you need to do is write exception rules.
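For comparison, here is the identity static from the question next to the "exception rule" form the answer refers to (NAT exemption) and the global switch. This is an added configuration example, not from the thread; the interface names and IT_VLAN come from the question, while the ACL name NO_NAT_DMZ and the DMZ host 10.20.30.40 are assumed values.

```cisco
! Added example, not from the original post. IT_VLAN and the interface
! names are from the question; NO_NAT_DMZ and 10.20.30.40 are assumptions.
!
! Option A (as in the question): identity static. Inside addresses stay
! unchanged toward DMZ-WEB, but this covers the entire IT_VLAN /16.
static (inside,DMZ-WEB) IT_VLAN IT_VLAN netmask 255.255.0.0
!
! Option B: NAT exemption, the per-flow "exception rule". It satisfies
! nat-control only for traffic the ACL matches, so the exemption can be
! scoped to the RDP target host instead of the whole subnet.
access-list NO_NAT_DMZ extended permit ip IT_VLAN 255.255.0.0 host 10.20.30.40
nat (inside) 0 access-list NO_NAT_DMZ
!
! Option C: disable the global requirement. With nat-control off, a packet
! that matches no nat/static rule is routed untranslated; packets that do
! match an existing nat/global pair are still translated.
no nat-control
```

Option B is the least-privilege choice when only a few hosts need untranslated reachability: the exemption is visible in the configuration per destination and can be audited with the access-list it references.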