Solved

Cisco PIX Configuration - One Internal Network (public IPs - No NAT)

Posted on 2006-10-31
Last Modified: 2013-11-16
I am working on a PIX 500 series firewall with one internal network (Class C, public) address space.

I can get the internal (inside) hosts to access the internet with no problem. I cannot seem to have outside hosts access any internal hosts.

I have added:

access-list acl_out permit ip any any
access-group acl_out in interface outside
nat (inside) 0 x.x.x.x 255.255.255.0 0 0

Every sample PIX config I see on the net assumes you want to use NAT. We don't want to use private addresses on the internal network.
Question by:teksavers
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17846982
Don't use nat 0, rather use a static

no nat (inside) 0
clear xlate
static (inside,outside) 12.34.5.0 12.34.5.0 netmask 255.255.255.0

Which model PIX? If you have a 515 or better you can upgrade to version 7.x which allows you to disable nat control. Any 6.x versions require nat in one form or another. Using the above static, you are natting same/same which is equal to not natting at all.
 
LVL 3

Expert Comment

by:mahe2000
ID: 17849005
You have to use static to let outside users access the internal network. However, it is not a good idea to do this unless you restrict what services you want them to access.
Although you restrict your services, it's not a good idea. I suggest you use a DMZ to give outsiders some kind of service.
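An added example, not part of the original thread or written by its participants: a small Python check that flags the combination discussed above, an identity ("same/same") static on the outside interface together with a `permit ip any any` ACL bound inbound on that interface. Both sample configs are constructed; the host addresses and services in the restricted one are assumptions chosen for illustration.

```python
import re

# Constructed sample: the thread's commands combined (identity static + permit-all ACL).
OPEN_CONFIG = """\
access-list acl_out permit ip any any
access-group acl_out in interface outside
static (inside,outside) 12.34.5.0 12.34.5.0 netmask 255.255.255.0
"""

# Constructed sample: same static, ACL narrowed to named services.
# Hosts 12.34.5.10 / 12.34.5.25 and their ports are assumptions.
RESTRICTED_CONFIG = """\
access-list acl_out permit tcp any host 12.34.5.10 eq www
access-list acl_out permit tcp any host 12.34.5.25 eq smtp
access-group acl_out in interface outside
static (inside,outside) 12.34.5.0 12.34.5.0 netmask 255.255.255.0
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(\S+)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC_RE = re.compile(r"^static\s+\((\S+),(\S+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)")


def audit(config, untrusted="outside"):
    """Return findings for permit-all ACLs bound inbound on the untrusted
    interface, paired with the identity statics that make hosts reachable."""
    acls, bound, identity = {}, [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
        elif m := GROUP_RE.match(line):
            if m.group(2) == untrusted:
                bound.append(m.group(1))
        elif m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped, real, mask = m.groups()
            # Identity static: the mapped address equals the real address.
            if mapped_if == untrusted and mapped == real:
                identity.append(f"{real}/{mask}")
    findings = []
    for name in bound:
        for proto, rest in acls.get(name, []):
            if proto == "ip" and rest[:2] == ["any", "any"]:
                for net in identity:
                    findings.append(f"{name}: permit ip any any exposes {net} on {untrusted}")
    return findings
```

`audit(OPEN_CONFIG)` reports one finding for the 12.34.5.0 network, while `audit(RESTRICTED_CONFIG)` reports none.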
