Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT through PIX

Probebly been asked before, but...

I have a 515 with 6.3 software. Three interfaces. I need to allow traffic from the DMZ to a single host on the internal network. Destination address should not be NATted, source network should (source traffic comes in via ISDN and is a non routed subnet).

Is this possible at all? I've tried playing around with a static;

static (inside,dmz) <inside address> <inside address/mask>

This should not hide the inside address, but does not fix my source NAT problem. Nat and Global does not work because i have to go from lower to higher security level.

I can't figger this out...

New Member

Re: NAT through PIX

The static you have will work for your destination. Are you trying to NAT the host on the DMZ when it goes to the inside?

Here is the excerpt from the command reference.

nat outside (Outside NAT)

The nat outside option lets you enable or disable outside NAT, which translates the source address of a connection coming from a lower security interface to higher interface. This feature is also called bidirectional NAT.

If you enable outside dynamic NAT on an interface, then you must configure explicit NAT policy for all hosts on the interface that need to initiate connections to inside networks. If you want to translate some hosts, but not others, then use identity NAT or NAT exemption (nat 0 or nat 0 access-list) to disable address translation for these additional hosts.


New Member

Re: NAT through PIX

Thanks, 10 minutes ago i found the same thing on CCO, outside NAT. Gonna try!

CreatePlease login to create content