Solved

pix without nat

Posted on 2006-06-17
7
479 Views
Last Modified: 2010-03-19
how should i configure a pix 506e firewall so that it does not perform nat and only does routing between its inside and outside network.

 
0
Comment
Question by:sheikham88
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Expert Comment

by:atifawan
ID: 16926759
Use the following command:

nat (inside) 0 0 0

This will pass all IP Addresses on the inside interface to outside without Natting them. If you want to be more specific you can also specify which addresses you do not want to be natted.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16928464
What exactly is the problem right now ? Since if you are using private ip addresses inside and outside interface connected to internet, it will not work.

If you can explain more, we'll be able to understand the problem.

Cheers,
Rajesh
0
 
LVL 1

Expert Comment

by:atifawan
ID: 16928479
He only said he does not want the PIX to nat. He is probably doing NAT on the router and it will work if configured that way.
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 

Author Comment

by:sheikham88
ID: 16928710
yes atif awan is write i am doing nat on the router

to further clarify why i dont want nat to happen on the pix is because i have a dmvpn network for which this router is acting as a primary hub now when i do nat on the pix the public ip address range between the router and the pix is required to be published in all the routers in my dmvpn network which i dont want.

now when i will avoid nat happening on the pix then i will have a complete private ip network on the intranet side i hope i have made my self clear


now atifawan if i give this command on the pix it will not do nat and allow all connections from the outside to the inside interface is this correct
0
 
LVL 1

Accepted Solution

by:
atifawan earned 300 total points
ID: 16928934
If you give this command it will not nat the addresses while going out but it will not allow outside to inside access. The only access that will be allowed is from inside to outside and returning legitimate traffic.

If you want outside to inside access also then you will have to do a static nat on the same range. For example if your internal subnet is 192.168.1.0 then you will configure something like:

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

This will allow outside to inside access as controlled by your access-list on the outside interface.
0
 

Author Comment

by:sheikham88
ID: 16929651
one last thing about my question, can i not have any kind of nat on pix to make it work or is it necessary to have some kind of nat to make the pix work as a router and also to have firewall functionality.
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 200 total points
ID: 16929954
No. That is why I wanted to know what you're trying to do. If it had been only for internal hosts all having public ip then the 'nat 0' command would do. But for your scenario which is clear now take a peek at this post, it is same as yours;

http://www.experts-exchange.com/Security/Q_21888521.html

Cheers,
Rajesh
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now