
New Member

can't ping router behind pix with no nat

Hi,

We need to remove nat 1 on our PIX and apply nat 0, and configured the PIX like so.

Before, we could ping the router behind the PIX; now we can't anymore.

We use VLANs, here's the config


Re: can't ping router behind pix with no nat

The line "nat (inside) 0 0.0.0.0 0.0.0.0 0 0" means "don't NAT anything from the inside interface". This is very unlikely to be what you want.

Normally you have:

access-list noNAT permit ip inside_subnets subnets_you_don't_want_to_NAT_to

nat (inside) 0 access-list noNAT

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

New Member

Re: can't ping router behind pix with no nat

That's what we really want to do; all traffic will not be NATted when it passes through the PIX. It will be NATted by the router behind the PIX.

Re: can't ping router behind pix with no nat

If you do not want the PIX to do any NAT, try this:

no nat-control

New Member

Re: can't ping router behind pix with no nat

You have two options:

1 - If you have version 7.0 or later, you can turn the firewall to L2 transparent, where you need neither routing nor NAT.

2 - You can do a static (inside,outside) NETWORKADDRESS_INSIDE NETWORKADDRESS_INSIDE NETWORKMASK_INSIDE

This will do the trick of "not NATing" the inside IP addresses.

Please let me know if you run into any difficulties.

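An added example, not part of any post in this thread: a small Python check that reports which of the NAT-bypass forms discussed above (catch-all nat 0, nat 0 access-list, identity static, no nat-control) a PIX configuration uses. The sample configuration, its addresses, and the function and label names are constructed for illustration.

```python
import re

# Pre-8.3 PIX/ASA syntax, as used in this thread.
# "0" is accepted by the PIX as shorthand for 0.0.0.0.
NAT_ACL = re.compile(r"nat \((\S+)\) 0 access-list (\S+)")
NAT_NET = re.compile(r"nat \((\S+)\) (\d+) (\S+) (\S+)")
STATIC = re.compile(r"static \((\S+),(\S+)\) (\S+) (\S+)")


def _ip(token):
    """Expand the '0' shorthand to a full address."""
    return "0.0.0.0" if token == "0" else token


def classify_nat(config):
    """Return (label, line) pairs for every NAT-related line in a config."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "no nat-control":
            label = "nat-control-disabled"
        elif NAT_ACL.match(line):  # must be tested before the generic nat form
            label = "nat-exemption-acl"
        elif m := NAT_NET.match(line):
            net, mask = _ip(m[3]), _ip(m[4])
            if m[2] != "0":
                label = "dynamic-nat"
            elif (net, mask) == ("0.0.0.0", "0.0.0.0"):
                label = "identity-nat-everything"
            else:
                label = "identity-nat-subnet"
        elif m := STATIC.match(line):
            # Same address on both sides means the static translates to itself.
            label = "static-identity" if m[3] == m[4] else "static-translation"
        else:
            continue
        findings.append((label, line))
    return findings


# Constructed sample config; addresses and the ACL name are illustrative only.
SAMPLE = """\
access-list noNAT permit ip 192.168.10.0 255.255.255.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list noNAT
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
nat (inside) 1 0 0
static (inside,outside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
no nat-control
"""

if __name__ == "__main__":
    for label, line in classify_nat(SAMPLE):
        print(f"{label:26} {line}")
```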