Solved

pix without nat

Posted on 2006-06-17
7
481 Views
Last Modified: 2010-03-19
how should i configure a pix 506e firewall so that it does not perform nat and only does routing between its inside and outside network.

 
0
Comment
Question by:sheikham88
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Expert Comment

by:atifawan
ID: 16926759
Use the following command:

nat (inside) 0 0 0

This will pass all IP Addresses on the inside interface to outside without Natting them. If you want to be more specific you can also specify which addresses you do not want to be natted.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16928464
What exactly is the problem right now ? Since if you are using private ip addresses inside and outside interface connected to internet, it will not work.

If you can explain more, we'll be able to understand the problem.

Cheers,
Rajesh
0
 
LVL 1

Expert Comment

by:atifawan
ID: 16928479
He only said he does not want the PIX to nat. He is probably doing NAT on the router and it will work if configured that way.
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 

Author Comment

by:sheikham88
ID: 16928710
yes atif awan is write i am doing nat on the router

to further clarify why i dont want nat to happen on the pix is because i have a dmvpn network for which this router is acting as a primary hub now when i do nat on the pix the public ip address range between the router and the pix is required to be published in all the routers in my dmvpn network which i dont want.

now when i will avoid nat happening on the pix then i will have a complete private ip network on the intranet side i hope i have made my self clear


now atifawan if i give this command on the pix it will not do nat and allow all connections from the outside to the inside interface is this correct
0
 
LVL 1

Accepted Solution

by:
atifawan earned 300 total points
ID: 16928934
If you give this command it will not nat the addresses while going out but it will not allow outside to inside access. The only access that will be allowed is from inside to outside and returning legitimate traffic.

If you want outside to inside access also then you will have to do a static nat on the same range. For example if your internal subnet is 192.168.1.0 then you will configure something like:

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

This will allow outside to inside access as controlled by your access-list on the outside interface.
0
 

Author Comment

by:sheikham88
ID: 16929651
one last thing about my question, can i not have any kind of nat on pix to make it work or is it necessary to have some kind of nat to make the pix work as a router and also to have firewall functionality.
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 200 total points
ID: 16929954
No. That is why I wanted to know what you're trying to do. If it had been only for internal hosts all having public ip then the 'nat 0' command would do. But for your scenario which is clear now take a peek at this post, it is same as yours;

http://www.experts-exchange.com/Security/Q_21888521.html

Cheers,
Rajesh
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question