Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 501 and NAT

We have a need to use another VPN hardware/software solution. However, in order to use this other solution we need to be able to configure the 501 to pass the NATT'ed address 192.... to the VPN hardware in front of it.

3 REPLIES
Cisco Employee

Re: PIX 501 and NAT

What do you mean by passing the NATTed address on the pix?

You can configure nat (inside) 0 access-list 101 on the pix. This way the pix will not nat any traffic that matches the acl 101.

hope this helps

-Nairi

Community Member

Re: PIX 501 and NAT

Nairi

We need the address on the inside of the network to pass through the PIX to

our VPN Hardware. We do want to NAT - but we want to control VPN access

through our VPN device.. If the originating paclket sourced from 192.168.xxx.xxx we want that to be the address the PIX sends to the VPN device.

Make sense ?

Cisco Employee

Re: PIX 501 and NAT

In that case you need to use nat (inside) 0 access-list 101 to disable NAT on a PIX Firewall.

ACL 101 will include traffic sourced from 192.168.x.x.

hope this helps,

-Nairi

92
Views
0
Helpful
3
Replies
CreatePlease to create content