No NAT - Cannot see the outside (ASA 7.x)

paulkalmes
Level 1

Used the ASDM to create a startup config.

Since we are not using NAT, do I have to create a route from the Outside interface to the Inside interface?

19 Replies

Collin Clark
VIP Alumni

What are your security-levels set to? If they are different, you will still need NAT.

nat (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

If they are the same, try

same-security-traffic permit inter-interface

HTH

Thanks! I will give a look.

Outside is Sec Lev 0 and Inside is Sec Lev 100

I have the following commands:

static (Inside,Outside) host1 host1 netmask 255.255.255.255

...

static (Inside,Outside) hostn hostn netmask 255.255.255.255

I saw a note about "no nat-control", I know I don't have it in the config.

I'm new to NAT-Control, but it sounds like it would work since you have public addresses on the inside. Let us know how it works if you choose to use it.

PIX 7.0 introduces the nat-control command. You can use the nat-control command in configuration mode in order to specify if NAT is required for outside communications. With NAT control enabled, configuration of NAT rules is required in order to allow outbound traffic, as is the case with previous versions of PIX software. If NAT control is disabled (no nat-control), inside hosts can communicate with outside networks without the configuration of a NAT rule. However, if you have inside hosts that do not have public addresses, you still need to configure NAT for those hosts.

Thanks I am reading up on it now.

ajagadee
Cisco Employee

Please refer to the URL below for configuration details:

PIX/ASA 7.x: Enable/Disable Communication Between Interfaces

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml#Same

Regards,

Arul

** Please rate all helpful posts **

In version 6.x code, you will need this:

static (i,o) inside_net inside_net netmask /x

In Pix version 7.x code, the default is "no nat-control". In other words, Pix will route traffic just like a router out of the box.

However, an ACL is still needed to go from low to high.

CCIE security
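
The setup discussed in this thread (public addresses on both sides, outside at security level 0, inside at 100, no translation) as an added ASA 7.x configuration sketch; it is not taken from any of the posts. The addresses are constructed from documentation ranges, and the interface numbers, next hop and ACL name `outside_in` are assumptions.

```cisco
! Constructed example: all addresses are from RFC 5737 documentation ranges.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 203.0.113.1 255.255.255.0
!
! With NAT control disabled, inside hosts that already have public
! addresses can reach the outside without any nat/static rule.
no nat-control
!
! Default route toward the upstream router (assumed next hop).
route outside 0.0.0.0 0.0.0.0 198.51.100.254 1
!
! Outside (level 0) to inside (level 100) is still denied by default.
! Permit only the specific host and service that must be reachable,
! referencing the host's real address since nothing is translated.
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
!
! If nat-control is enabled instead, each inside host needs an identity
! static of the form shown in the original question, for example:
! static (inside,outside) 203.0.113.10 203.0.113.10 netmask 255.255.255.255
```

Keeping the inbound ACL limited to named hosts and ports matters more here than in a NAT design, because every inside host is directly addressable from the outside once translation is out of the picture.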

I saw this command this morning. I will give it a try.

I have read this. It seems to assume that I am using NAT to hide private IP addresses.

I am trying to pass Public IP to Public IP traffic.

Yes, the pix, by default, will do that for you due to the default, no nat-control, if that's what you're asking.

Okay. Now this is getting good. I telneted to the ASA. conf t'ed the "no nat-control". Then I sho run and no "no nat-control" entry. Is it me or something very simple is being made very hard? There are static (inside,outside) commands from before. Should those be deleted?

Weird if I refresh the page it reposts the reply.
