no translation between intranet networks needed on PIX 520
We want to run a PIX 520 FW (V6.1.1) within our intranet (not to the Internet).
Like this, both interfaces, inside and outside, are RFC1918 addresses which we can maintain ourselves, and therefore there is no need for any address translation.
We want to be able to restrict access to and from the "outside" interface by protocols (access-lists), but we do not want any address translation (NAT, PAT) to take place, neither inbound nor outbound.
Can you show me what a sample configuration should look like that prevents any translation (no NAT, PAT, keep the original addresses)?
I tried with nat (inside) 0 0.0.0.0 0.0.0.0 0 0 for outbound traffic, which works.
Re: no translation between intranet networks needed on PIX 520
The first 0 is the natID.
Both zeroes at the end stand for the translate IP address and mask. Since you use the same, they are 0 (I suppose).
My problem is not having no translation outbound (this works with such a NAT statement, see initial message), but how do I tell a PIX520 NOT to do any inbound translation? Defining individual static statements is too boring; I think there should be one statement or, even better, none at all.