octavian10
MIS
Here I go again with ICMP questions, anyway I have a PIX with 3 Interface's
outside 200.200.200.1
inside 192.168.1.0
dmz 192.168.2.0
I run the following access-list to disable NAT between the inside and dmz interfaces's.
access-list NO_NAT permit ip 192.168.1.0/24 192.168.2.0/24
nat (inside) 0 access-list NO_NAT
This NAT exemption works fine but I am having a hard time permitting icmp trafic between these networks. I have tried diffrent access-list's and static translations but I cannot get it to work. I have no problem with icmp when nat is involved but I think NAT exemption requires a diffrent thought process. Any help is much appreciated.
By the way this pix is running FOS 7.X and I know about the ICMP INSPECT modification to the default service policy, but I still want to know how to permit icmp with NAT exemption.
"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
outside 200.200.200.1
inside 192.168.1.0
dmz 192.168.2.0
I run the following access-list to disable NAT between the inside and dmz interfaces's.
access-list NO_NAT permit ip 192.168.1.0/24 192.168.2.0/24
nat (inside) 0 access-list NO_NAT
This NAT exemption works fine but I am having a hard time permitting icmp trafic between these networks. I have tried diffrent access-list's and static translations but I cannot get it to work. I have no problem with icmp when nat is involved but I think NAT exemption requires a diffrent thought process. Any help is much appreciated.
By the way this pix is running FOS 7.X and I know about the ICMP INSPECT modification to the default service policy, but I still want to know how to permit icmp with NAT exemption.
"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
