nat command 1

Status
Not open for further replies.

DomenicoC

Technical User
Mar 1, 2004
40
US
Hi,

I am new to Cisco, can someone explain with some detail what this command does?

nat (inside) 0 access-list nonat
nat (inside) 1 10.1.1.0 255.255.255.0 0 0

Here is the access list.

access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

Thanks,

Dom
 
You would normally configure this ACL when there is a Site-Based VPN established between sites. This means that network 10.1.1.0 communicating with network 10.2.2.0 will not be NATed and will maintain its same IP address across the VPN tunnel.

nat (inside) 0 access-list nonat
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0


This just means that only the 10.1.1.0 network connected to the "inside" interface of the PIX will be NATed under group-id "1" dynamically or using PAT.
nat (inside) 1 10.1.1.0 255.255.255.0 0 0

There should be another command that would correspond with the "outside" interface under group-id "1", for example
global (outside) 1 X.X.X.X

Hope that helps.

cf
 