Is it possible to configure the internal interface (the one that has the NAT inside command) to pass traffic from the inside other than what was defined for translation?
I mean, if I have NAT and a pool of addresses bound to an ACL which permits internal users to pass, can I at the same time let through some other traffic which I don't want to be translated, just to be allowed to pass to the outside?
This is how it works: all permitted items in access-list nonat are not translated, because when traffic arrives at the inside interface, the first rule that is inspected is the nat (inside) 0 rule (nat 0 stands for no translation occurring). Since nat 0 is bound to the access-list, the access-list is used to determine which packets do not have to be translated, so all permit statements in this list are not translated, but an xlate entry will be created (saying that it is translated to the same address, simply said :-))
If there is no permitted match on the ACL bound to nat 0, the PIX continues with the other nat statements (if there are any) and creates the xlate entries if needed.
If no other nat commands are in place, the PIX simply drops the packet because no translation slot could be created.
After re-configuring your PIX you might have to use the clear xlate command, because there is probably already an xlate table created right now for this connection. Since the PIX first checks existing xlate entries, you have to get rid of the already existing entry.
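
A PIX configuration for the arrangement the answer describes, added here as an example and not posted by either participant. Only the access-list name nonat comes from the thread; the addresses, the pool and NAT id 1 are constructed for illustration.

```cisco
: Constructed addressing (assumptions, not from the thread):
:   10.1.1.0/24     inside users, translated to a global pool
:   10.1.2.0/24     inside hosts that must leave untranslated
:   192.168.50.0/24 the only destination they may reach untranslated
:   203.0.113.10-20 global pool on the outside interface

: 1. Traffic exempt from translation. Every permit line here bypasses NAT,
:    so keep source and destination as narrow as the requirement allows.
access-list nonat permit ip 10.1.2.0 255.255.255.0 192.168.50.0 255.255.255.0

: 2. Bind the list to nat 0 on the inside interface (checked before other nat rules).
nat (inside) 0 access-list nonat

: 3. Traffic that does not match nonat falls through to the ordinary rule
:    and is translated to pool 1.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0

: 4. Flush translations built under the old rules so the new ones are used.
clear xlate

: 5. Verify: list current translations and the hit counters on the exemption list.
show xlate
show access-list nonat
```

Note that clear xlate drops the connections using the cleared translations, so run it in a maintenance window.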