01-10-2008 10:32 AM - edited 03-11-2019 04:46 AM
I issue a clear configure all, set up the interfaces, and with this minimal configuration a PC connected to the DMZ interface can contact the router on the outside.
The ASA routes IP and (this is a lab) because the router has the ASA as default gateway, the packets return to the DMZ host.
But there is no NAT exemption in the configuration!! How can it work?
ASA5520-K8, Version 8.0(2)
Thanks
01-10-2008 11:06 AM
You need to read the documentation more carefully. Starting with PIX 7.x and higher, "no nat-control" is the default on PIX and ASA. Basically, the PIX IS a router. However, the basic principle still applies. In other words, you still need an ACL for low to get to high.
CCIE Security
01-16-2008 04:59 AM
I read the NAT chapter again and I found that. The ASA routes packets if no NAT rule is set for the interface.
"Interfaces at the same security level are not required to use NAT to communicate. However, if you configure dynamic NAT or PAT on a same security interface, then all traffic from the interface to a same security interface or an outside interface must match a NAT rule, as shown"
Cisco Security Appliance Command Line Configuration Guide--
Thanks!
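The behaviour discussed in this thread, as an added configuration sketch that is not taken from any of the posts: with the default `no nat-control`, traffic that matches no NAT rule is routed untranslated, while low-to-high traffic still needs an ACL. Interface names, addresses and ACL names are constructed lab values, and the syntax assumed is that of the 8.0 release mentioned in the question.

```text
! Constructed lab values: interfaces, addresses and ACL names are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.1.1.1 255.255.255.0
!
! Default on 7.x and later: no NAT rule is required, so dmz -> outside
! (high to low) is routed with its real source address.
no nat-control
!
! Low to high (outside -> dmz) is still denied unless an ACL permits it.
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq www
access-group OUTSIDE_IN in interface outside
!
! For comparison, with nat-control enabled the same dmz -> outside traffic
! must match a NAT rule, for example a NAT exemption:
!   nat-control
!   access-list DMZ_NONAT extended permit ip 10.1.1.0 255.255.255.0 any
!   nat (dmz) 0 access-list DMZ_NONAT
```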