-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/mr.htm#1032129
Usage Guidelines The nat command lets you enable or disable address translation for one or more internal addresses. Address translation means that when a host starts an outbound connection, the IP addresses in the internal network are translated into global addresses. Network Address Translation (NAT) allows your network to have any IP addressing scheme and the PIX Firewall protects these addresses from visibility on the external network. The nat outside option lets you enable or disable address translation for the external addresses. The nat if_name 0 access-list acl_name command lets you exempt traffic that is matched by the access-list command statements from the NAT services. Adaptive Security remains in effect with the nat 0 access-list command. The extent to which the inside hosts are accessible from the outside depends on the access-list command statements that permit inbound access. The if_name is the higher security level interface name. The acl_name is the name you use to identify the access-list command statement. With PIX Firewall software version 5.3 and higher, there is no longer a restriction on having the nat 0 command (Identity NAT) and the nat 0 access-list command configured at the same time. Both the nat 0 command and the nat 0 access-list command may be configured concurrently. The access-list option changes the behavior of the nat 0 command. (Without the access-list option, the command is backward compatible with previous versions.) The nat 0 command implemented the identity feature; this new version of the command disables NAT. Specifically, the new behavior disables proxy ARPing for the IP addresses in the nat 0 command statement. http://www.cisco.com/warp/public/707/28.html Define the inside group to be included for NAT: nat (inside) 0 175.1.1.0 255.255.255.0 >>>>disabled nat nat (inside) 1 10.1.6.0 255.255.255.0 >>>>enabled nat - -----Oorspronkelijk bericht----- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Namens Michael Vasilenko Verzonden: zondag 19 januari 2003 17:21 Aan: [EMAIL PROTECTED] Onderwerp: PIX NAT bypass [7:61338] Hello! I need to implement unidirectional traffic flow with NAT bypass through PIX. Any help, links, config examples would be fine. Thanks. - -- Michael Vasilenko Version: PGP 8.0 iQA/AwUBPixvCXdq56XWk+VyEQLNdACbBN+D0sbxbYj8M3pPIWC7q09Gk40AoNnZ CR9mRTQti3JfttFfnetjP0X7 =+Rd7 -----END PGP SIGNATURE----- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61412&t=61338 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]