04-11-2003 12:27 PM - edited 03-09-2019 02:52 AM
I don not want any address translations and all the hosts on my network are using real world IP's
Do I need to have a nat (inside) 0 0 0 command on my pix 6.2?
04-11-2003 12:55 PM
No, you don't have to use "nat 0". You can use "static" command to allow outbound connections as long as your ip addresses are real public ones.
Note that if you don't enable nat, the syntax of "static" command would be as follows:
static (high,low) high high
hope this helps ...
Mustafa
04-11-2003 01:16 PM
Mustafa,
Thanks!
Do I need a static for all the computers that are accessing the internet. I have about 150 hosts?
04-12-2003 11:57 AM
HI.
In your case, I would use nat (inside) 0 0 0 .
It just seems to me more logical then static in such a scenario.
Static will work also, but I think that static will cause more overhead at the pix and will add un-needed proxy-arp on the outside interface.
Yizhar
04-14-2003 05:52 AM
Yizhar,
I am a little confused by your reply.
Isn't it that static is only for inbound connections i.e for machines that need to be accessed from outside.
So, what does static have to do with the absence of nat 0 which , I think, is only to allow or diallow address translations.
Let's say If I have 2 machines behind the pix a webserver (W) and a host (H)
H and W both have unrestricted outbound access . They have real IP , so I use nat 0. Now, W needs to be accessed from outside , so I throw in a static for W. According to you anser, I wud need a static for H as well. If so, why?.
04-12-2003 02:39 PM
Hi,
instead of using a 'static' command for every host, you can use 'net static'
( = statically translate an entire network to itself).
Let's assume that your network is 1.2.3.0. Then you should use this command
static (inside,outside) 1.2.3.0 1.2.3.0 netmask 255.255.255.0
Kind Regards,
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide