PIX Security Appliance Translations and Connections
The identity nat command

Another feature that can be used to control outbound connections is the ability to control which internal IP addresses are visible on the outside. The nat 0 command lets administrators disable address translation so that inside IP addresses appear on the outside untranslated. This feature can be used when there are InterNIC-registered IP addresses on the inside network that need to be accessible on the outside network. Use of the nat 0 command depends on your security policy.

If the policy allows internal clients to have their IP addresses exposed to the Internet, then the nat 0 command is used to provide that service.

In the figure, the address 192.168.0.9 is not translated. When the command nat (DMZ) 0 192.168.0.9 255.255.255.255 is entered, the PIX Security Appliance displays the following message:

nat 0 192.168.0.9 will be non-translated

It is important to note that nat 0 makes the Internet server address visible on the outside interface. To allow users on the outside to connect to the Internet server, the administrator also needs to add a static command in combination with an access-list.
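The following audit script is an added example, not part of the original course text. It parses a constructed PIX 6.x-style configuration, lists every address exempted from translation by nat 0, checks it against the addresses the security policy approves, and reports which hosts also have the static and access-list pair that opens them to inbound connections. Apart from the nat (DMZ) 0 command shown above, the sample configuration lines, the ACL name acl_out, the 10.0.5.0 network and the function name audit_nat0 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (PIX 6.x-style syntax); not from the original page.
SAMPLE_CONFIG = """\
nat (DMZ) 0 192.168.0.9 255.255.255.255
nat (inside) 0 10.0.5.0 255.255.255.0
nat (inside) 1 10.0.0.0 255.255.255.0
static (DMZ,outside) 192.168.0.9 192.168.0.9 netmask 255.255.255.255
access-list acl_out permit tcp any host 192.168.0.9 eq www
access-group acl_out in interface outside
"""

# Only the "nat (if) 0 <address> <mask>" form is matched; other nat IDs are ignored.
NAT0 = re.compile(r"^nat \((\S+)\) 0 (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$")
STATIC = re.compile(r"^static \((\S+),outside\) (\S+) (\S+) netmask (\S+)")
ACL_HOST = re.compile(r"^access-list (\S+) permit \S+ any host (\S+)")
ACL_GROUP = re.compile(r"^access-group (\S+) in interface outside")

def audit_nat0(config, approved_networks):
    """Return one finding per nat 0 entry: is it approved, and is inbound access open?"""
    lines = [l.strip() for l in config.splitlines()]
    outside_acls = {m.group(1) for l in lines if (m := ACL_GROUP.match(l))}
    permitted = {ipaddress.ip_address(m.group(2)) for l in lines
                 if (m := ACL_HOST.match(l)) and m.group(1) in outside_acls}
    statics = [(m.group(1).lower(), ipaddress.ip_address(m.group(2)),
                ipaddress.ip_address(m.group(3)))
               for l in lines if (m := STATIC.match(l))]
    approved = [ipaddress.ip_network(n) for n in approved_networks]
    findings = []
    for l in lines:
        m = NAT0.match(l)
        if not m:
            continue
        iface, net = m.group(1), ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        # Inbound is open only when a static maps the host AND an outside ACL permits it.
        inbound = sorted(str(real) for s_if, mapped, real in statics
                         if s_if == iface.lower() and real in net and mapped in permitted)
        findings.append({"interface": iface, "network": str(net),
                         "approved": any(net.subnet_of(a) for a in approved),
                         "inbound_hosts": inbound})
    return findings

if __name__ == "__main__":
    for finding in audit_nat0(SAMPLE_CONFIG, ["192.168.0.9/32"]):
        print(finding)
```

An entry with approved set to False is an address range exposed untranslated without a matching policy decision and should be reviewed before the configuration is deployed.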


Lab Activity

e-Lab Activity: PIX Security Appliance NAT 0 Configuration

In this activity, the student will demonstrate how to use the nat 0 command.