NAT 0 means not to translate to a pool. Use only if they don't need
internet access or if they have legitimate IP addresses on the machines that
need no translation. Then the NAT 1 - whatever goes into place for each
pool & interface being NAT'd.
And like he said below, ICMP has to be enabled for inbound. Outbound access
can ping by default. What conduit statements did you use for the host?
Allen
----- Original Message -----
From: "Arun"
To:
Sent: Wednesday, May 30, 2001 4:36 AM
Subject: Re: Pix Firewall 515 [7:6301]
> hi
> how ur testing the access ..i hope this is by pinging the address ....and
as
> far as i know u need to permit icmp any any for this .......
> see if this is the case
> Regards
> Arun Sharma
> ""Keith Townsend"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > 1. The number after the NAT and Global commands represent the pool
> number.
> > So for inside interface the nat should be 1 and the global should match.
> >
> > 2. If you have static mapped the ip addresses then all you have to do
is
> > add the conduit commands. Note the ip address that will be in the
conduit
> > will be the public ip address.
> >
> > Hope this helps.
> >
> > Keith Townsend
> >
> > ""Scott Dees"" wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Questions on configuring the Pix Firewall 515.
> > >
> > > 1
> > >
> > > I have an internal network that is using nat 1 on the inside
> interface
> > > to access the internet. My understanding of the pix is you have to
nat
> > your
> > > addresses in order for the pix to protect them. Should I use Nat 0 to
> > > protect my external or public address and if so how should I set it
up.
> > >
> > > 2
> > > I have a machine on the internal network that needs to be accessed
> from
> > > the outside. I have static mapped the internal address to a public
> > address
> > > and set up a conduit for the address also. Isn't that the solution or
> am
> > I
> > > forgetting something. I still can not access the unit.
> > >
> > > Please advise I am lost
> > >
> > > If you have any advice please let me know.
> > >
> > > Scott
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6449&t=6301
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
