NAT Confusion - PIX 6.3.4/7.0

I am having translation issues, have tried upgrading to 7.0, then went back to 6.3, all because of NAT.

I have the following setup: switch connects to Eth1 on PIX, PIX Eth0 goes out to border router. We have two networks that need to go out to the net; both have public addresses. So, we did:

access-list no_nat permit ip any any

nat (inside) 0 access-list no_nat

static (inside,outside) abcd abcd (where abcd is my inside but public IPs)

I thought having the access-list (policy nat) with the nat 0 would mean traffic originating from the inside would be allowed back in. It isn't working. Do I need a nat for the outside? I am confused. Suggestions appreciated. What is meant by nat exemption in 7.0?


Re: NAT Confusion - PIX 6.3.4/7.0

Bi-directional communication (between inside and outside) cannot be achieved with NAT 0 unless the connection is initiated by the hosts located in the internal network.

In order to allow communication between outside and inside with no translation, you may want to try the following:

static (inside,outside) netmask

That allows the inside network to be translated on the outside, and as a consequence it can be accessible from the public with their original IPs, which are public IPs in your case.

Hope this helps.
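
The identity-static approach from the reply above, written out in PIX 6.3 syntax as an added example that is not part of the original thread. The two networks are constructed documentation ranges standing in for the poster's public inside networks, the host addresses and the ACL name outside_in are hypothetical, and lines starting with a colon are annotations for the reader.

```cisco
: Constructed sample addressing (not from the thread):
:   inside network 1 = 192.0.2.0/24
:   inside network 2 = 198.51.100.0/24

: Identity statics: each inside network is presented on the outside
: under its own addresses, so no address actually changes.
static (inside,outside) 192.0.2.0 192.0.2.0 netmask 255.255.255.0
static (inside,outside) 198.51.100.0 198.51.100.0 netmask 255.255.255.0

: A static only creates the translation. A connection started from the
: outside (lower security level) toward the inside is still dropped
: unless an access-list bound to the outside interface permits it.
: Permit only the hosts and services that must be reachable, rather
: than "permit ip any any".
access-list outside_in permit tcp any host 192.0.2.10 eq 80
access-list outside_in permit tcp any host 198.51.100.25 eq 25
access-group outside_in in interface outside

: Replies to connections that inside hosts start are allowed back in
: by the stateful inspection engine; they need no entry in outside_in.

: After changing NAT or static statements, clear the existing
: translation slots so the new rules are used.
clear xlate
```

`show xlate` lists the resulting identity translations, and `show access-list outside_in` shows per-entry hit counts, which confirms whether inbound traffic is reaching the permit lines.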