Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Pix question

If I have a pix 501, and I have both a nat 1 statement and a global 1 statement, but I also have a "static (inside,outside) 10.10.10.0 10.10.10.0" command, does this static statement make it do a No NAT situation, if my internal network of the pix is a 10.10.10.0 network?

3 REPLIES

Re: Pix question

Yes - you are bascially saying from the inside to the outside do not nat - and present all packets to the outside as 10.10.10.x

HTH>

Re: Pix question

Hi

It sounds like you are using an old code or have nat-control enabled where NAT must happen for traffic to traverse higher security interfaces to lower security interfaces. The static statement is doing NAT but is NAT'ing the source IP address to the same source IP address when traffic flows from inside to outside. If you look in the xlate table (show xlate), you will see entries for any of the flows matching that static statement.

Version 7 introduced the nat-control command so you could turn off the need for NAT.

hxxp://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Community Member

Re: Pix question

The PIX 501 supports Version 6.35 as the lastest version; it doesn't have the memory requiremetns to support the version 7 code.

120
Views
0
Helpful
3
Replies
CreatePlease to create content