Firewall with only internal interfaces - no NAT/PAT

Answered Question
Mar 29th, 2007

Hello


I have a firewall (in this case a context within a FWSM, but I guess this applies also to any ASA) with only internal interfaces. That is, no interface is connected to the Internet, and there is no need for any address translation through the fw.


What do I need to do to configure the firewall to not bother about NAT/PAT at all, and forward traffic based only on ACLs?


The command "no nat-control" is a good start. But is there more that needs to be done?


Best regards

Jimmy


Correct Answer by Jon Marshall about 10 years 2 months ago

Hi Jimmy


That command will pretty much do it. Make sure once you have entered this command that you then don't have any nat/global statements as these would still be executed.


HTH


Jon
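
The check described in the answer above, as an added example that is not part of the original thread: a small audit over an exported running-config that confirms `no nat-control` is present and lists any `nat`/`global` statements still left behind. The sample config, the function names and the pre-8.3 `nat (ifc) <id>` / `global (ifc) <id>` line shapes are assumptions made for illustration.

```python
import re

# Constructed sample of a pre-8.3 style context config (not from the thread).
SAMPLE_CONFIG = """\
interface Vlan10
 nameif inside
 security-level 100
interface Vlan20
 nameif dmz
 security-level 50
no nat-control
nat (inside) 1 10.1.0.0 255.255.0.0
global (dmz) 1 10.2.0.250
access-list INSIDE_IN extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-group INSIDE_IN in interface inside
"""

# Global-config "nat (ifc) <id> ..." and "global (ifc) <id> ..." statements.
XLATE_RE = re.compile(r"^(nat|global)\s+\(([^)]+)\)\s+(\S+)")

def audit_nat_free(config_text):
    """Return (state, leftovers): state is "disabled", "enabled" or "unknown"
    (command absent from the dump); leftovers lists remaining nat/global lines
    as (line_no, keyword, interface, nat_id)."""
    state, leftovers = "unknown", []
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        # Indented lines belong to a sub-mode (e.g. interface), skip them.
        if not line or line[0] in " !":
            continue
        if line == "no nat-control":
            state = "disabled"
        elif line == "nat-control":
            state = "enabled"
        elif (m := XLATE_RE.match(line)):
            leftovers.append((no, m.group(1), m.group(2), m.group(3)))
    return state, leftovers

def is_acl_only(config_text):
    """True only when NAT control is explicitly off and no nat/global remains."""
    state, leftovers = audit_nat_free(config_text)
    return state == "disabled" and not leftovers

if __name__ == "__main__":
    state, leftovers = audit_nat_free(SAMPLE_CONFIG)
    print("nat-control:", state)
    for no, kw, ifc, nat_id in leftovers:
        print(f"line {no}: leftover {kw} ({ifc}) id {nat_id}")
```

An "unknown" state means the dump does not show the command either way, so the script refuses to call the config ACL-only until that is confirmed on the device.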

Jon Marshall Fri, 03/30/2007 - 00:35