PIX without NAT

How should I configure a PIX 506E firewall so that it does not perform NAT and only does routing between its inside and outside network?

 
sheikham88 Asked:
 
atifawan Commented:
If you give this command it will not nat the addresses while going out but it will not allow outside to inside access. The only access that will be allowed is from inside to outside and returning legitimate traffic.

If you want outside to inside access also then you will have to do a static nat on the same range. For example if your internal subnet is 192.168.1.0 then you will configure something like:

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

This will allow outside to inside access as controlled by your access-list on the outside interface.
0
 
atifawan Commented:
Use the following command:

nat (inside) 0 0 0

This will pass all IP addresses on the inside interface to the outside without NATing them. If you want to be more specific, you can also specify which addresses you do not want to be NATed.
0
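
Added example, not part of the original thread or any poster's code: with an identity static in place, outside-to-inside access is controlled by the access-list on the outside interface, so this Python sketch audits a PIX 6.x-style configuration for identity statics whose outside ACL is missing or permits traffic to any destination. The sample configuration, the ACL name outside_in and the host 192.168.1.10 are constructed for illustration; object-groups and conduit statements are not handled.

```python
import ipaddress
import re

# Constructed PIX 6.x sample (not from the thread). The ACL name "outside_in"
# and host 192.168.1.10 are assumptions for illustration.
SAMPLE_CONFIG = """\
nat (inside) 0 0 0
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
access-list outside_in permit tcp any host 192.168.1.10 eq 443
access-list outside_in permit ip any any
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (permit|deny) (.+)$")


def dest_is_any(rest):
    """True if an ACL body (protocol source destination ...) has destination 'any'."""
    tok = rest.split()[1:]                            # drop the protocol
    tok = tok[1:] if tok[:1] == ["any"] else tok[2:]  # skip 'any' or a 2-token source
    return tok[:1] == ["any"]


def audit(config, outside="outside"):
    """List findings for identity statics (no translation) exposed on `outside`."""
    statics, acls, bound = [], {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped, real, mask = m.groups()
            if mapped_if == outside and mapped == real:   # identity static
                statics.append(ipaddress.ip_network(f"{real}/{mask}"))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside:
                bound = m.group(1)
        elif m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings = []
    for net in statics:
        if bound is None:
            findings.append(f"{net}: no access-list bound inbound on {outside}")
            continue
        for action, rest in acls.get(bound, []):
            if action == "permit" and dest_is_any(rest):
                findings.append(f"{net}: {bound} permits '{rest}' to any destination")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```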
 
rsivanandan Commented:
What exactly is the problem right now? If you are using private IP addresses inside and the outside interface is connected to the internet, it will not work.

If you can explain more, we'll be able to understand the problem.

Cheers,
Rajesh
0

 
atifawan Commented:
He only said he does not want the PIX to NAT. He is probably doing NAT on the router, and it will work if configured that way.
0
 
sheikham88 Author Commented:
Yes, atif awan is right, I am doing NAT on the router.

To further clarify, the reason I don't want NAT to happen on the PIX is that I have a DMVPN network for which this router is acting as a primary hub. When I do NAT on the PIX, the public IP address range between the router and the PIX is required to be published in all the routers in my DMVPN network, which I don't want.

When I avoid NAT happening on the PIX, I will have a completely private IP network on the intranet side. I hope I have made myself clear.

Now, atifawan, if I give this command on the PIX, it will not do NAT and will allow all connections from the outside to the inside interface. Is this correct?
0
 
sheikham88 Author Commented:
One last thing about my question: can I not have any kind of NAT on the PIX and make it work, or is it necessary to have some kind of NAT to make the PIX work as a router and also have firewall functionality?
0
 
rsivanandan Commented:
No. That is why I wanted to know what you're trying to do. If it had been only for internal hosts all having public IPs, then the 'nat 0' command would do. But for your scenario, which is clear now, take a peek at this post; it is the same as yours:

http://www.experts-exchange.com/Security/Q_21888521.html

Cheers,
Rajesh
0
Question has a verified solution.
