Solved

Cisco PIX Configuration - One Internal Network (public IPs - No NAT)

Posted on 2006-10-31
4
252 Views
Last Modified: 2013-11-16
I am working on a PIX 500 series firewall with one internal network (class c - public) address space.

I can get the internal (inside) hosts to access the internet with no problem.  I cannot seem to have outside hosts access any internal hosts.

I have added:

access-list acl_out permit ip any any
access-group acl_out in interface outside
nat (inside) 0 x.x.x.x 255.255.255.0 0 0

Every sample pix config I see on the net assumes you want to use NAT.  We don't want to use private addresses on the internal network.
0
Comment
Question by:teksavers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17846982
Don't use nat 0, rather use a static

no nat (inside) 0
clear xlate
static (inside,outside) 12.34.5.0 12.34.5.0 netmask 255.255.255.0

Which model PIX? If you have a 515 or better you can upgrade to version 7.x which allows you to disable nat control. Any 6.x versions require nat in one form or another. Using the above static, you are natting same/same which is equal to not natting at all.
0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17849005
you have to use static to let outside users access internal network. however it is not a good idea to do this unless you restrict what services you want them to access.
although you restrict your services, it's not a good idea. i suggest you use a dmz to give outsiders some kind of service.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question