It is my understanding that NAT is the basis for the PIX firewall and as such can't be "disabled". (This includes it's cousin PAT - port address translation and static NAT's).
Here is a portion of the config for configuring failover:
ip address outside x.x.x.1 255.255.255.0
ip address inside y.y.y.1 255.255.255.0
ip address crosslink z.z.z.1 255.255.255.0
ip address backchannel w.w.w.1 255.255.255.0
failover
failover timeout 0:00:00
failover ip address outside x.x.x.2
failover ip address inside y.y.y.2
failover ip address dmz-web z.z.z.2
failover ip address dmz-auth w.w.w.2
failover link inside
Thanks,
Ian
-----Original Message-----
From: Vinod Anthony Joseph Cherunni vac@dsqworld.com
Sent: Fri, 20 Apr 2001 18:23:49 +0530
To: routerman@visto.com
CC: cisco-nsp@puck.nether.net
Subject: Re: [nsp] REG: PIX Failover Bundle.
Hi,
Thanks a lot for the advice. Just a couple of queries in mind.
In a config as below -
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz-web security60
nameif ethernet3 dmz-auth security3
Assuming I am not using NAT on any interfaces, & need to disable it. How
would I achieve the same on all my PIX interfaces.
Secondly it would be great if you could send me a sample config for the
PIX failover part.
With kind regards,
Vinod.
___________________________________________________________________________
Visit http://www.visto.com/info, your free web-based communications center.
Visto.com. Life on the Dot.
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:35 EDT