NAT on the ASA- Help!

Unanswered Question
Sep 22nd, 2008

I'm pulling the configs off our old 515 firewalls and putting them on our new ASA 5500's. On the 515, we were NATng everything inside to a public address tied to the outside interface (not the interface address itself). Here is the config for the inside NAT

nat (inside) 1

global (outside) 1 x.x.x.x

I also have similiar NAT statements on other interfaces on the PIX, all which are similiar as my inside NAT config.

My question is, do I need to enable nat-control on the ASAs to make it behave the same way as my 515s? I'm a little confused as to whether its needed or not?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
guibarati Mon, 09/22/2008 - 06:11

nat-control will make it mandatory for all traffic goint through the ASA to be NATed, with "no nat-control" you can have traffic with NAT 0 (no nat) goint through the firewall. If you use nat 0 you need "no nat-control" if you dont use nat 0 it makes no difference having or not nat control.

This is the information another member of NETPRO told me in an old post.

veljko.tasic Mon, 09/22/2008 - 23:22

If you want to change device and to keep current configuration, best way to do this is to use new tool Pix-to-Asa migration tool.

It will change your configuration to adopt it to asa.


This Discussion