Cisco Support Community
New Member

PIX configuration Inside-DMZ without NAT

Hi.

I have two PCs, one located in a DMZ and the other in the inside network. Both must communicate bidirectionally across specific ports, but I want to disable NAT between them since I am handling an administrative application and it does not work with NAT. The DMZ and the inside network have different IP addressing schemes.

Thanks in advance.

R.@.M.

5 REPLIES
New Member

Re: PIX configuration Inside-DMZ without NAT

Hi,

You probably want to try

static (inside,dmz) x.x.x.x x.x.x.x netmask 255.255.255.255

where x.x.x.x is the IP address of the PC on the inside.

Assuming y.y.y.y is the IP of the PC on the DMZ, there is no problem for x.x.x.x to access y.y.y.y, but you do need to add the permission for y.y.y.y to access x.x.x.x (access list or conduit).

I hope this will help.

Tony

New Member

Re: PIX configuration Inside-DMZ without NAT

Hi Tony. Thanks for your response.

Then I do not need to configure "nat (inside) 0"?

Thanks again.

R.@.M.

Silver

Re: PIX configuration Inside-DMZ without NAT

Hi,

nat (inside) 0 will only allow one-way communication, i.e. from inside -> DMZ.

With static (in,out) xxx xxx you can have bidirectional communication.

Regards,

Nadeem

New Member

Re: PIX configuration Inside-DMZ without NAT

OK, I understand. Then I might do this:

static (inside,dmz) 192.168.2.11 192.168.2.11 netmask 255.255.255.255

Access-list dmz permit tcp host 172.31.4.20 host 192.168.2.11 eq

Is that right?

R.@.M.

New Member

Re: PIX configuration Inside-DMZ without NAT

Hi,

Yes, that is correct. However, you pretty much have to apply this list to the dmz interface. Remember that there is always "deny ip any any" at the end of every access list, which will deny the traffic going from dmz to outside. You want to be careful about this.

If you are not using PDM, since this is a non-routable address, you can also use a conduit statement.

I hope this helps.

Thanks

Tony
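
Added example, not part of any reply in the thread: a small first-match model of the access list once it is applied to the dmz interface, showing the effect of the trailing "deny ip any any" and why entry order matters when repairing it. The port 8080 is a placeholder (the posted access-list line is cut off after "eq"), the test flows are constructed, and the model covers only the ACL check, assuming the static and any other translations are already in place.

```python
import ipaddress

APP_PORT = 8080  # placeholder: the thread's access-list line is cut off after "eq"
DMZ_PC, INSIDE_PC = "172.31.4.20", "192.168.2.11"  # addresses from the thread

def matches(field, addr):
    """'any' matches everything; otherwise test membership in the host/network."""
    return field == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(field)

def evaluate(acl, src, dst, port):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, a_src, a_dst, a_port in acl:
        if matches(a_src, src) and matches(a_dst, dst) and a_port in (None, port):
            return action
    return "deny"  # the "deny ip any any" at the end of every access list

# Entries: (action, source, destination, TCP port, or None for "ip" = any port)
AS_POSTED = [("permit", DMZ_PC, INSIDE_PC, APP_PORT)]
# Naive repair: restores dmz -> outside, but every port of the inside PC becomes
# reachable from the DMZ, because the static already supplies the translation.
TOO_BROAD = AS_POSTED + [("permit", "any", "any", None)]
# Ordered repair: allow the one port, deny the rest of the inside PC, permit the rest.
ORDERED = AS_POSTED + [("deny", "any", INSIDE_PC, None), ("permit", "any", "any", None)]

# Constructed flows arriving on the dmz interface.
FLOWS = {
    "app":      (DMZ_PC, INSIDE_PC, APP_PORT),   # the administrative application
    "internet": (DMZ_PC, "198.51.100.7", 443),   # existing dmz -> outside traffic
    "other":    (DMZ_PC, INSIDE_PC, 22),         # any other port on the inside PC
}

def audit(acl):
    """Return the verdict for each constructed flow under the given ACL."""
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("as posted", AS_POSTED), ("too broad", TOO_BROAD),
                       ("ordered", ORDERED)):
        print(f"{label:10} {audit(acl)}")
```
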
