Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple NAT 0 on 6 Interface

Hi,

Need some help with multiple NAT 0 on all interface on the PIX.

What I understand is that the following lines will turn off NAT between the source and destination

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0

nat (inside) 0 access-list 101

Since I'm dealing with 6 interfaces altogether, I need to figure out how to:

- allow hosts from a lower security level to be able to access servers at a higher security level

- vice versa

- allow pinging on all interface for troubleshooting aid.

This PIX deployment scenario is quite complicated to me since I've never done it before.

Many thanks for any help.

Regards,

Zeremy

2 REPLIES
New Member

Re: Multiple NAT 0 on 6 Interface

Zeremy,

With all due respect, but if you haven't worked with the PIX firewalls before, you might want to obtain some assistance from an experienced consultant. A firewall with 6 interfaces and that require communications between each other is indeed complicated and prone to errors. Your firewall is too important to be used as a 'learn on the spot' device.

I am sure that there are experienced consultants near your area or you could contact Cisco to obtain a recommendation.

New Member

Re: Multiple NAT 0 on 6 Interface

I totally agree with you,

We're in the process of getting additional help from experienced consultants.

Thank you for the advice.

102
Views
0
Helpful
2
Replies