[c-nsp] PIX NAT 0

cigdem gur cigdem_gur at yahoo.com
Thu Nov 2 03:16:58 EST 2006


Hi,

nat 0 means "do not NAT".

For example, you have inside and DMZ networks, and you
use private IP subnets for these two networks.

When the packets from the inside and DMZ networks are going to
the Internet, you use NAT and translate the IP addresses
of the devices in these subnets to legal IP addresses.

But you may not want to use NAT for the traffic
between inside and DMZ. Maybe you want to use the original
private addresses of inside and DMZ.

For example,

inside network ---> 192.168.1.0/24
DMZ ---> 10.0.0.0/24
Outside ---> 193.243.211.56/29


access-list inside_dmz_nat0_acl permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0

nat (inside) 0 access-list inside_dmz_nat0_acl


According to the example above, the packets are
transmitted from inside (192.168.1.0/24) to DMZ
(10.0.0.0/24) without NAT.

Also, if you use the PDM or ASDM interface of the PIX, you
will see "Translation Exemption Rules" under the
"Translation Rules" tab, which means "NAT 0", "do not
NAT".

--- Shakeel Ahmad <shakeelahmad at gmail.com> wrote:

> Can anyone explain the following command, as I have
> found much documentation for
> it:
> 
> nat 0 acl/IP Range
> 
> My scenario is: I want to limit a few subnets (inside)
> not to use the Internet,
> but at the very same time I want them to explicitly
> use the public Internet for
> 1 or 2 IPs only.
> 
> If anyone can list his example.
> 
> Thanks in advance.
> 
> SA
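
Added example, not part of the original post: a small Python check that reads PIX-style configuration text and reports whether a flow is exempt from translation by a "nat 0 access-list" rule, and flags exemption entries that use "any". The "nat 1" and "global" lines in the sample and all function names are constructed for illustration; only the "ip" ACL form shown in the post (plus "host" and "any") is handled.

```python
import ipaddress

# Constructed sample config, based on the addresses used in the post.
# The "nat 1" / "global" lines are assumptions added to show ordinary NAT.
SAMPLE_CONFIG = """\
access-list inside_dmz_nat0_acl permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list inside_dmz_nat0_acl
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
"""

def _take_net(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_exemptions(config):
    """Return {interface: [(action, src_net, dst_net), ...]} for nat 0 ACLs."""
    acls, exempt = {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and len(t) > 4 and t[3] == "ip":
            rest = t[4:]
            acls.setdefault(t[1], []).append((t[2], _take_net(rest), _take_net(rest)))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            exempt.setdefault(t[1].strip("()"), []).append(t[4])
    return {i: [e for n in names for e in acls.get(n, [])] for i, names in exempt.items()}

def is_nat_exempt(config, iface, src, dst):
    """First matching ACL entry decides; no match means normal NAT applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in parse_exemptions(config).get(iface, []):
        if s in src_net and d in dst_net:
            return action == "permit"
    return False

def broad_exemptions(config):
    """Flag permit entries whose source or destination is 'any' (0.0.0.0/0)."""
    return [(i, str(sn), str(dn)) for i, es in parse_exemptions(config).items()
            for a, sn, dn in es if a == "permit" and 0 in (sn.prefixlen, dn.prefixlen)]
```

An exemption entry that permits "any" is worth reviewing, because it removes translation for every destination reachable from that interface, not just the DMZ.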


