
NAT on 8.0 (4)

ariesc_33
Level 1

I don't see any NAT config on the firewall, but the inside network can access the DMZ using only an ACL.

inside : 192.168.1.0

dmz: 172.16.1.0

With an ACL allowing access to 172.16.1.0 from the inside without NAT.

Is this supposed to work without NAT at all? I mean, I don't see a "no nat" config either.

Thanks

7 Replies

satish_zanjurne
Level 4

Firewall must be in Transparent mode.

In transparent mode there is no need of NAT.

1. Use the "show firewall" command and check the output to see whether the firewall is in transparent mode.

2. To return the firewall to routed mode, use the "no firewall transparent" command in global config mode.

3. In transparent mode, you can allow L3 traffic using extended access-control lists.

HTH...rate if helpful..

It's in router mode...

Is NAT control disabled by default with this version?

If no nat-control is specified then you do not require NATTing (NAT TRANSLATIONS ARE BYPASSED)

Key Points for No Nat-Control:-

--All traffic leaving a PIX from a higher to lower security interface moves freely

--All traffic entering a PIX from a lower to higher security only requires an ACCESS-LIST

--NAT/GLOBAL pairs are needed only for traffic requiring address translation

For new configurations, NAT control is disabled by default; following configuration migration/upgrades, NAT-CONTROL is enabled so previous NAT behavior is maintained.

Do Rate If Helps !

Thanks for the replies.

But as I said, "no nat control" wasn't specified. Is it enabled by default on this version? When I show run, it doesn't show.

I have another version of ASA and NAT is in use. When I show run on that box, "nat-control" shows.

By default, NAT control is disabled, so you do not need to perform NAT on any networks unless you choose to perform NAT.

Since it's the default behaviour, it will not show up in the sh run.

Thanks a lot.

Any documentation for this?

NAT Control:-

The security appliance translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing for the packet "CONTINUES". The EXCEPTION is when you enable NAT control using the nat-control command. NAT control requires that packets traversing from a higher security interface (inside) to a lower security interface (outside) match a NAT rule, or else processing for the packet stops. NAT is not required between same security level interfaces even if you enable NAT control. You can optionally configure NAT if desired.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1737858
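The rule quoted in the last reply can be checked against a saved running-config. The following is an added example, not part of the thread or of Cisco's documentation: it models only the higher-to-lower rule as quoted above, and the sample config (interface names, security levels 100 and 50, /24 masks, ACL name) is constructed around the thread's two networks.

```python
import re

# Constructed sample running-config in ASA 8.0-style syntax (assumed values).
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
access-list inside_in extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-group inside_in in interface inside
"""

def parse_security_levels(config):
    """Map each nameif to the security-level set in its interface stanza."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # a non-indented line ends the current stanza
        m = re.match(r"\s+nameif\s+(\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"\s+security-level\s+(\d+)", line)
        if m and name:
            levels[name] = int(m.group(1))
    return levels

def nat_control_enabled(config):
    # Only an explicit "nat-control" line counts; per the thread, the
    # disabled default is not printed in the running-config.
    return any(line.strip() == "nat-control" for line in config.splitlines())

def nat_rule_required(config, src_if, dst_if):
    """True when src_if -> dst_if traffic must match a NAT rule (rule as quoted in the thread)."""
    levels = parse_security_levels(config)
    higher_to_lower = levels[src_if] > levels[dst_if]
    return nat_control_enabled(config) and higher_to_lower

if __name__ == "__main__":
    print("inside -> dmz needs NAT rule:", nat_rule_required(SAMPLE_CONFIG, "inside", "dmz"))
```

With NAT control off, the ACL is the only control between inside and DMZ in this model, so it is the line to review when auditing that path.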
