New Member

Best way to config a PIX without NAT

I have tried "NAT (inside) 0 x.x.x.x 255.255.255.0".

It's working, but somehow an outside host cannot access anything behind the PIX unless the inside machine starts a session to the outside first.

Any idea why this happens? Is this normal?

Any ideas would be appreciated.

4 REPLIES
Silver

Re: Best way to config a PIX without NAT

That is normal - you need to write an access list to open ports, and apply it to the outside interface.

New Member

Re: Best way to config a PIX without NAT

Thanks for your reply.

Actually, I already have an ACL applied on the outside interface, let's say permit icmp any any. But the problem still happens that way: it always requires the inside host to initiate traffic, then the outside can access.

I understand this is not a big issue, but for a web server, it's kind of annoying. We always need to send out ICMP to the outside.

New Member

Re: Best way to config a PIX without NAT

You need a nat 0 rule with an access-list for this to work.

For example:

nat (inside) 0 access-list no-nat

access-list no-nat permit ip 10.10.0.0 255.255.0.0

New Member

Re: Best way to config a PIX without NAT

You need a static and an ACL for outside users to initiate a connection inside:

static(inside,outside)

access-list 101 permit ip any

access-group 101 in interface outside
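
The options discussed in this thread, side by side, as an added example that is not part of any poster's reply. It assumes PIX 6.x-style syntax and uses constructed addresses from a documentation range (inside network 198.51.100.0/24, web server 198.51.100.10); the outside ACL is narrowed to the one service the web server needs rather than all IP.

```cisco
: Constructed addressing: inside network 198.51.100.0/24,
: web server 198.51.100.10. PIX 6.x-style syntax is assumed.

: Identity NAT by network, as in the original question. Translation
: entries are created only by inside-initiated traffic, so an outside
: host cannot open a connection first.
nat (inside) 0 198.51.100.0 255.255.255.0

: Option A (replaces the line above): NAT exemption with an access
: list. Either side can initiate, subject to the interface ACLs.
access-list no-nat permit ip 198.51.100.0 255.255.255.0 any
nat (inside) 0 access-list no-nat

: Option B: identity static for only the host that must be reachable
: from outside. Other inside hosts stay unreachable for new inbound
: connections.
static (inside,outside) 198.51.100.10 198.51.100.10 netmask 255.255.255.255

: With either option, the ACL on the outside interface decides what
: is allowed in. Permit only the required service to the one host.
access-list 101 permit tcp any host 198.51.100.10 eq www
access-group 101 in interface outside
```

Option B combined with the narrow ACL exposes only the web server on TCP port 80, while Option A makes the whole inside network addressable from outside and relies entirely on the outside ACL.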
