Exemption Rules in PIX 1

[shihlin]

I have question about Exemption Rules in the Cisco PIX. When should a translation exemption rules setup for the network? What is disadvantage of putting a translation exemption rules for a network? Will exemption rule cause client to by pass the Dynamic NAT rule in translation rules?

Sorry for these small questions but just can’t find much information on the Internet relates to exemption rules.

Thanks,


sh

 

[lgarner]

Will exemption rule cause client to by pass the Dynamic NAT rule in translation rules?" Yes.

Translation Exemption, also known as "NAT 0" tells the Pix to *not* translate the addresses. Technically, Pix will translate the address to itself, so this is also known as "identity NAT".

These rules are typically used when an address on the private side should appear as itself to the public side. I use it most with VPN's, where the nodes on both sides of the VPN should see the private addresses on the other side.

 

[shihlin]

Thanks for prompt reply.