New Member

try to understand NoNAT

I have a PIX. I want PCs on the outside interface to access a server (1.1.1.1) inside. I know I can use static (outside,inside) 1.1.1.1 1.1.1.1 and an ACL to allow it.

My question is: can I use NONAT + ACL to do it?

Thanks

2 REPLIES
Bronze

Re: try to understand NoNAT

With nonat the PIX will not answer the ARP requests sent for the outside IP address. With the static it will!

Bronze

Re: try to understand NoNAT

Hello,

For outside accessing an inside server, it should be:

1.1.1.1 = remote host ip address

2.2.2.2 = published ip address

3.3.3.3 = LAN server ip address

static (inside,outside) 2.2.2.2 3.3.3.3 netmask 255.255.255.255

access-list outside_inside permit ip host 1.1.1.1 host 2.2.2.2

and not static (outside,inside), unless you are planning to change the source address also.

Please correct me if I am wrong: nonat is used when you want IPsec traffic to pass through or you don't want any translation to happen on the IP addresses, e.g. VPN tunnels.

HTH, please rate it
