Bypassing Arrangement Abode Translation
Suppose we use NAT on all outbound cartage from central networks to the
Internet. Because we appetite to adit all cartage amid the central networks on
each firewall, we charge exclude this cartage from arrangement abode translation.To
bypass NAT, we can use the nat 0 command with the aforementioned admission account that defines
our IPsec traffic:
PIX1(config)# nat 0 access-list crypto1
PIX1(config)# nat (inside) 1 0 0
PIX1(config)# all-around (outside) 1 12.23.34.46
PIX2(config)# nat 0 access-list crypto2
PIX2(config)# nat (inside) 1 0 0
PIX2(config)# all-around (outside) 1 23.34.45.57