05-29-2003 04:48 AM - edited 03-09-2019 03:27 AM
Hi,
Is there a way to configure a pix firewall to be transparent in the network? I mean, I'd like to simply put the firewall between a server and a network without having to modify anything in the server and doing all traffic control in the firewall. I don't need (want) the firewall to do nat, pat, or anything more than applying access-lists.
Thanks,
05-29-2003 06:11 AM
Won't work. PIX MUST have NAT/PAT in order to function
05-29-2003 06:24 AM
Thanks for your reply.
Do you consider is there a change that this feature will be included in a future release? I see it as a very promising one because of the lack of the need to reconfigure already connected devices.
Regards,
05-29-2003 06:40 AM
Hi,
Actually the answer is Yes. This is what you need to do:
nat (inside) 0 acess-list 101
access-list 101 permit ip any any
Once you have these lines in place, the nat engine on the pix would be turned off completely from outside to inside and vice versa.
Then if you configure acl on outside interface to allow whatever traffic you want to allow, it would be transparent in terms of translations.
Thanks,
Mynul
05-29-2003 07:44 AM
Apologies,
Yes, you can use NAT 0.
I was too busy thinking " Might as well use ACL on router!"
Ali
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: