New Member

How to bypass nat on lan

I have a PIX 515 running version 634 with four interfaces, for example, outside, inside, dmz and lab. I need to be able to connect to devices that are located on both the dmz and lab from inside. I also need to connect to devices that are located on the dmz from lab. The lab has a higher security than the dmz. I am also using remote access VPN. I would really appreciate it if someone could help me with this, as I have been working on it for a few days now.

2 REPLIES
Gold

Re: How to bypass nat on lan

example for single host:

static (inside,outside) 10.1.1.1 10.1.1.1

example for subnet:

static (inside,outside) 10.1.1.0 10.1.1.0

you will also need to use nat zero:

access-list acl_name permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

nat (inside) 0 access-list acl_name

acl_name defines source/destination IP pairs that you don't want NAT'ed. So this ACL would read: when a host on subnet 192.168.1.0/24 attempts to contact a host on the 10.1.1.0 subnet, do not NAT the 192.168.1.x address.
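
An added example, not part of the reply above and not Cisco's code: a small Python audit helper that reads `access-list ... permit ip` and `nat (if) 0 access-list` lines in the form shown in the reply and reports which source/destination pairs skip NAT, plus any exemption that uses `any`. The function names and the sample config are constructed for illustration; only `permit ip` entries are modelled.

```python
import ipaddress

# Constructed sample config, reusing the addresses from the reply above.
SAMPLE_CONFIG = """\
access-list acl_name permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list acl_name
"""

def _take_net(tokens):
    """Consume 'any', 'host A' or 'A MASK' from tokens; return an IPv4 network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse_nat_exemptions(config):
    """Return {interface: [(src_net, dst_net), ...]} for each nat 0 access-list."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        t = line.split()
        # Assumption: only 'permit ip' entries are modelled; others are skipped.
        if t[:1] == ["access-list"] and len(t) >= 6 and t[2:4] == ["permit", "ip"]:
            rest = t[4:]
            src = _take_net(rest)
            dst = _take_net(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:1] == ["nat"] and len(t) == 5 and t[2:4] == ["0", "access-list"]:
            bindings[t[1].strip("()")] = t[4]
    return {ifc: acls.get(name, []) for ifc, name in bindings.items()}

def bypasses_nat(exemptions, interface, src, dst):
    """True if traffic src -> dst entering on interface matches an exemption."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in exemptions.get(interface, []))

def broad_entries(exemptions):
    """List exemptions where the source or the destination is 'any'."""
    return [(ifc, sn, dn) for ifc, pairs in exemptions.items()
            for sn, dn in pairs if 0 in (sn.prefixlen, dn.prefixlen)]

if __name__ == "__main__":
    ex = parse_nat_exemptions(SAMPLE_CONFIG)
    print(bypasses_nat(ex, "inside", "192.168.1.25", "10.1.1.7"))
    print(broad_entries(ex))
```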

New Member

Re: How to bypass nat on lan

I will try that.

Thank you.
