Hi.
Assume this simple configuration of my FWSM (Pix). My Pix has interfaces on each of these networks. Assume also that any IP traffic is enabled between inside1 and inside for the purpose of this testing scenario.
Inside1 (Internal LAN): 192.168.1.0/24
Inside2 (Internal LAN): 192.168.2.0/24
Outside (Internet): a.b.c.d
Now, I want NO translation on traffic flowing between the Inside1 and Inside2 internal networks.
I've tried each of the following solutions and both of them work; however, I would like someone to explain the Pix behaviour for each one.
Solution#1: nat (inside1) 0 192.168.1.0 255.255.255.0
Result: Traffic originating in 192.168.1.0 is not translated when directing to 192.168.2.0, as I expected.
However, traffic originating from 192.168.2.0 to 192.168.1.0 is also NOT translated.
I thought that maybe, because this is not a policy NAT command, this behaviour is expected, so I disabled the nat command above and tried the following:
Solution#2:
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside1) 0 access-list nonat
Result: same as before, no translation is done between both internal networks regardless of the origin of the connection.
Why does the Pix behave like this?
Thanks for your help
New kid on Pix world