Friday, 3 June 2011

NAT 0 statement in Cisco FIrewall (PIX/ASA)

NAT 0 STATEMENT:

nat (inside_interface_name) 0


NAT 0 has two affects:
   
  1. nat (inside_interface_name) 0 access-list 101 

    This works exactly the same way as static, except it bypasses NAT.  It does not require the connection to be initiated from the higher security interface before the host on the lower security interface can create a connection to the host on the higher security level interface.
  2. nat (inside_interface_name) 0 0.0.0.0 0.0.0.0 

    This bypasses NAT, but requires the host on the higher security interface to first initiate a connection to the host on the lower security interface before the host on the lower security interface can initiate
    a connection.

No comments:

Post a Comment