Firewall with only internal interfaces - no NAT/PAT

Answered Question
Mar 29th, 2007

Hello

I have a firewall (in this case a context within a FWSM, but I guess this applies also to any ASA) with only internal interfaces. That is, no interface is connected to internet, and there is no need for any address translation thru the fw.

What do I need to do to configure the firewall to not bother about NAT/PAT at all, and forward traffic only based on ACL:s?

The command "no nat-control" is a good start. But is there more that needs to be done?

Best regards

Jimmy

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 9 years 10 months ago

Hi Jimmy

That command will pretty much do it. Make sure once you have entered this command that you then don't have any nat/global statements as these would still be executed.

HTH

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Fri, 03/30/2007 - 00:35

Hi Jimmy

That command will pretty much do it. Make sure once you have entered this command that you then don't have any nat/global statements as these would still be executed.

HTH

Jon

Actions

This Discussion