• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

Cisco PIX Configuration - One Internal Network (public IPs - No NAT)

I am working on a PIX 500 series firewall with one internal network (class c - public) address space.

I can get the internal (inside) hosts to access the internet with no problem.  I cannot seem to have outside hosts access any internal hosts.

I have added:

access-list acl_out permit ip any any
access-group acl_out in interface outside
nat (inside) 0 x.x.x.x 255.255.255.0 0 0

Every sample pix config I see on the net assumes you want to use NAT.  We don't want to use private addresses on the internal network.
0
teksavers
Asked:
teksavers
1 Solution
 
lrmooreCommented:
Don't use nat 0, rather use a static

no nat (inside) 0
clear xlate
static (inside,outside) 12.34.5.0 12.34.5.0 netmask 255.255.255.0

Which model PIX? If you have a 515 or better you can upgrade to version 7.x which allows you to disable nat control. Any 6.x versions require nat in one form or another. Using the above static, you are natting same/same which is equal to not natting at all.
0
 
mahe2000Commented:
you have to use static to let outside users access internal network. however it is not a good idea to do this unless you restrict what services you want them to access.
although you restrict your services, it's not a good idea. i suggest you use a dmz to give outsiders some kind of service.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now