PIX to ASA migration and Nat-control

Answered Question


If I turn off Nat-control, does that mean that traffic coming through my outside interface to a routable subnet on a DMZ is not subject to stateful inspection?

Correct Answer by Jon Marshall about 9 years 11 months ago

Hi Jim


No it doesn't. You still need to allow the traffic with access-lists and when a connection is made from outside to the DMZ it will still get entered into the state table.


Nat and stateful inspection are 2 separate things.


HTH


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Thu, 07/19/2007 - 17:49
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Jim


No it doesn't. You still need to allow the traffic with access-lists and when a connection is made from outside to the DMZ it will still get entered into the state table.


Nat and stateful inspection are 2 separate things.


HTH


Jon

Actions

This Discussion