Re: PIX without NAT

admin_2 · ‎06-27-2002

Can I use a PIX but without using NAT?

Report Inappropriate Content · ‎06-27-2002

yes, 'nat 0' command will do. However if you want to be selective on which addresses to nat or not use;

'nat [(if_name)] 0 access-list acl_name'

access list should cover src/dest addresses you do not want to nat

jljamison · ‎07-01-2002

you can also static map the internal addresses to external addresses:

e.g.

static (inside,outside) 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0 0 0

otherwise the pix will still do dynamic mapping of inside addresses to outside addresses. If you want inbound access, though, you should statically map the addresses. Otherwise whether an address works or not will depend upon whether or not there is an existing translation, which could be somewhat arbitrary. Some servers which need to be accessible from outside may not generate any outbound traffic so as to create those translations.

jljamison · ‎07-01-2002

you can also static map the internal addresses to external addresses:

e.g.

static (inside,outside) 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0 0 0

otherwise the pix will still do dynamic mapping of inside addresses to outside addresses. If you want inbound access, though, you should statically map the addresses. Otherwise whether an address works or not will depend upon whether or not there is an existing translation, which could be somewhat arbitrary. Some servers which need to be accessible from outside may not generate any outbound traffic so as to create those translations.