PIX to ASA migration and Nat-control

Answered Question

If I turn off Nat-control, does that mean that traffic coming through my outside interface to a routable subnet on a DMZ is not subject to stateful inspection?

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 9 years 4 months ago

Hi Jim

No it doesn't. You still need to allow the traffic with access-lists and when a connection is made from outside to the DMZ it will still get entered into the state table.

Nat and stateful inspection are 2 separate things.

HTH

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Thu, 07/19/2007 - 17:49

Hi Jim

No it doesn't. You still need to allow the traffic with access-lists and when a connection is made from outside to the DMZ it will still get entered into the state table.

Nat and stateful inspection are 2 separate things.

HTH

Jon

Actions

This Discussion