There are different situations when you will want to do what you are doing, but here's a quick breakdown.

"nat (inside) 0 access-list not-nated" [1]
"nat (inside) 1 0.0.0.0 0.0.0.0 0 0" [2]
"access-list not-nated permit ip IP_not_nated_to_the_Internet Subnet_Mask_of_device_not_nated any" [3]
"global (outside) 1 IP_Address_used_for_PAT_pool" [4]

[1] Traffic NOT Nat'd defined by the ACL "not-nated"
[2] Traffic Nat'd when outbound to the Internet (0.0.0.0 0.0.0.0 0 0 = everybody)
[3] Source IP's that are NOT to be NAT'd when sending outbound traffic to the Internet
[4] Devices on the (inside) LAN will use this IP Address as their Source IP using PAT when accessing the Internet

What this will do is NOT 'NAT' the devices accessing the Internet that are in the ACL "not-nated", and it will then NAT everybody else to the IP Address that is PAT (Port Address Translated) since you will be allowing everybody else with the "0.0.0.0 0.0.0.0 0 0" of the "nat (inside) 1" config command.

You also can use an ACL on the "nat (inside) 1 access-list do-nat", and specify what devices get NAT'd when sending outbound traffic to the Internet.

I hope this information helps. If you have any questions feel free to ask.

Thanks and there's my $0.02,

- jek

"Allen May" wrote in message news:[EMAIL PROTECTED]...
> By default all outbound connections are enabled and all inbound are blocked.
>
> ----- Original Message -----
> From: "Philip Sousa"
> To:
> Sent: Wednesday, January 09, 2002 12:32 AM
> Subject: PIX with no NAT [7:31353]
>
> > I've been on Cisco's site for hours, but cannot find a conclusive answer to
> > my question. When you disable NAT (NAT 0) to allow the use of public IP's
> > behind the PIX, are the internal nodes allowed to start outbound connections
> > by default?? I need to selectively allow nodes behind the firewall to start
> > outbound connections on certain port....how should I accomplish this?
> > Access-lists?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31941&t=31353
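The NAT decision described in the reply above, as an added example that is not part of the original thread: a small Python model that parses the four quoted command forms and reports whether a given inside source address is exempt from NAT, sent out through PAT, or matches no rule. The addresses are documentation ranges chosen for illustration, and `net`, `parse` and `translate` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in the syntax quoted in the post. Addresses are
# documentation ranges (assumptions), not values from the thread.
CONFIG = """\
access-list not-nated permit ip 198.51.100.0 255.255.255.0 any
nat (inside) 0 access-list not-nated
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 203.0.113.5
"""

def net(addr, mask):
    """Build a network from a PIX-style address and subnet mask."""
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}")

def parse(config):
    """Collect ACL source networks, nat rules and global PAT addresses."""
    acls, nats, pools = {}, [], {}
    for tok in (line.split() for line in config.splitlines()):
        if not tok:
            continue
        if tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            acls.setdefault(tok[1], []).append(net(tok[4], tok[5]))
        elif tok[0] == "nat" and tok[3] == "access-list":
            nats.append((int(tok[2]), "acl", tok[4]))
        elif tok[0] == "nat":
            nats.append((int(tok[2]), "net", net(tok[3], tok[4])))
        elif tok[0] == "global":
            pools[int(tok[2])] = tok[3]
    return acls, nats, pools

def translate(config, src):
    """Model the decision for one inside source IP (hypothetical helper).

    Simplification: the nat 0 exemption is checked first, then numbered
    nat rules in id order; only source matching is modelled.
    """
    acls, nats, pools = parse(config)
    ip = ipaddress.ip_address(src)
    for nat_id, kind, val in sorted(nats, key=lambda r: r[0]):
        nets = acls.get(val, []) if kind == "acl" else [val]
        if any(ip in n for n in nets):
            if nat_id == 0:
                return ("exempt", src)
            if nat_id in pools:
                return ("pat", pools[nat_id])
    return ("no-translation", None)
```

Replacing the `nat (inside) 1 0.0.0.0 0.0.0.0 0 0` line with an ACL-based `nat (inside) 1 access-list do-nat` rule, as the reply suggests, makes hosts outside both ACLs fall through to `no-translation` in this model.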