Cisco Support Community

PIX V7 enable traffic without address translation

Hello,

We have a PIX 525 with a big configuration, and I would like to enable the option traffic through the firewall without address translation. We already use translation, so I just want to know if it modifies something in the current configuration or if it's for the new modification. What is the goal of this option?

Thank you

1 REPLY

Re: PIX V7 enable traffic without address translation

Hello Yann, it will not modify any configuration directly. But please remember the NAT order of operation:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042696

So let's say you have a rule now to translate 192.168.1.0/24 when going to outside (Internet). Now you add a rule that matches the same flow with a

nat (inside) 0 access-list nonat

This will have preference over the previous commands as NAT Exemption (nat 0 ACL) has highest priority. So just be careful about this.

Regards

Farrukh
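
One way to check a large configuration for the overlap described in the reply, as an added example that is not part of the original thread or of Cisco's documentation. It assumes plain `access-list NAME extended permit ip` entries without object groups; the sample configuration, including the 10.10.0.0/16 remote network and the `dmz` interface, is constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); 10.10.0.0/16 is an assumed remote network.
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 any
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 192.168.2.0 255.255.255.0
nat (dmz) 1 172.16.0.0 255.255.0.0
global (outside) 1 interface
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def _take(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return _net(tokens[0], tokens[1]), tokens[2:]

def exemption_overlaps(config):
    """Return (interface, translated_net, acl_source, acl_destination) for every nat
    rule with a non-zero ID whose source is also matched by the interface's nat 0 ACL."""
    acls, exempt, rules = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list (\S+) extended permit ip (.+)", line)
        if m:
            src, rest = _take(m.group(2).split())
            dst, _ = _take(rest)
            acls.setdefault(m.group(1), []).append((src, dst))
            continue
        m = re.match(r"nat \((\S+)\) 0 access-list (\S+)", line)
        if m:
            exempt[m.group(1)] = m.group(2)
            continue
        # Only "nat (if) ID NETWORK MASK" rules; policy NAT lines are skipped.
        m = re.match(r"nat \((\S+)\) [1-9]\d* ([\d.]+) ([\d.]+)", line)
        if m:
            rules.append((m.group(1), _net(m.group(2), m.group(3))))
    return [(ifc, str(net), str(src), str(dst))
            for ifc, net in rules
            for src, dst in acls.get(exempt.get(ifc), [])
            if net.overlaps(src)]
```

Each returned tuple is a flow that will leave untranslated because the exemption wins. An ACL destination of `0.0.0.0/0` means the whole source network bypasses the existing translation, which is the case to review before applying the change.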