
avoid NAT

ohassairi
Level 5

Hello,

We are using a PIX 525 (version 7.2(3)).

When I configure RDP access (for example) from inside to a computer in the DMZ, I configure the access rule (in security policy), then I MUST configure a NAT rule that keeps my IP unchanged between inside and DMZ:

static (inside,DMZ-WEB) IT_VLAN IT_VLAN netmask 255.255.0.0

Is it possible to bypass this NAT rule?

In other words: is it possible to say to the PIX: if you find a NAT rule, then use it. And if you don't find a NAT rule, then just route the packet and don't ask for a NAT rule like the one above?

I found a command called no nat-control. I am not sure this is the solution. I tried it but it did not work!

Any help?

Thanks

1 Accepted Solution

Accepted Solutions

andrew.prince
Level 10

The no-nat control globally enforces NAT or disables it.

To answer your question - no. If you assume that everything going through the firewall will be NATted, then the only thing you need to do is write exception rules.

HTH
