Disable NAT 1

[UTTech]

2000 Small Business Server

Is there a way to disable Network Address Translation on ISA?

 

[dearingkr]

Why would you want to?

If you did, none of the client PC's would be able to get to the internet.

 

[UTTech]

Well is there a way I can disable NAT to certain addresses?

 

[dearingkr]

You can add filters to restrict specific sites.

Is this what you're looking for?

 

[UTTech]

Yes, I would like to disable translation for specific sites.

 

[dearingkr]

Open ISA

Expand 'Policy Elements'
Right-click 'Destination Sets' | 'New' | 'Set'
Add the sites you wish to block.
Finish the wizard.

Expand 'Access Policy'
Right-click 'Site and Content Rules'
Select 'New' | 'Rule'
Rule wizard starts.
Type in name of the rule. Next.
Select 'Deny' | can check 'Iff HTTP Request...' for custom error page. Next.
Select 'Deny Access Based on Destination'
Select 'Specified Destination Set'
Select the name of the destination set you created.
Finish the wizard.

That's it, you're done.

 

[UTTech]

I will try it. Thanks!!

 

[UTTech]

That didn't work. Basically, we created a VPN from out site to another site using Cisco PIX Firewall. When we ping the remote site with a workstation here, the IP address is translated to the server IP address. NAT is enabled on the PIX so I want to disable NAT on the server. Is this possible?

 

[dearingkr]

The only other idea I can come up with is to relocate your VPN. Instead of the initiating VPN from the PIX, do it from the server.