PIX and icmpn NONAT

From: Stefan Grey (examplebrain@hotmail.com)
Date: Fri Aug 04 2006 - 07:35:31 ART

• Next message: Stefan Grey: "PIX and SSH test"
• Previous message: Ivan: "Re: RIP and ip prefix-list redistribution problem"
• Next in thread: Stefan Grey: "RE: PIX and icmpn NONAT"
• Maybe reply: Stefan Grey: "RE: PIX and icmpn NONAT"
• Maybe reply: Curt Girardin: "RE: PIX and icmpn NONAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

R1 - PIX - R2. Well I want R1 and R2 be able to ping each other without NAT
translation but other traffic should be with NAT translation. The solution
for this I found was:
nat (inside) 1 access-list NONAT
access-list NONAT permit ip 11.11.11.11 22.22.22.22.

but if I use access-list NONAT permit icmp 11.11.11.11 22.22.22.22
I see the warning that the protocol and port will not be used.

Is there some solution for the task I described. I need to NONAT not all the
trafic but just icmp.

Thanks,

• Next message: Stefan Grey: "PIX and SSH test"
• Previous message: Ivan: "Re: RIP and ip prefix-list redistribution problem"
• Next in thread: Stefan Grey: "RE: PIX and icmpn NONAT"
• Maybe reply: Stefan Grey: "RE: PIX and icmpn NONAT"
• Maybe reply: Curt Girardin: "RE: PIX and icmpn NONAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART