How to configure NO NAT on ASA 5520, this is urgent!!

Unanswered Question
Oct 30th, 2008
User Badges:

Hi,


I have an ASA5520 which is to be deployed in out internal network and the following subnets are configured..


outside -> 10.1.127.0 -> security level 0

inside -> 10.1.110.0 -> security level 100


We want the firewall to work more as a router only with no nat configuration at the same time the source & destination address should be able to ping each without compromising on security.


Regards,

Syed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cisco24x7 Thu, 10/30/2008 - 04:26
User Badges:
  • Silver, 250 points or more

no nat-control.

access-list outside permit ip any any log

access-group outside in interface outside


Now you have a router.

csco11049253 Thu, 10/30/2008 - 04:31
User Badges:

Thanks,


Is there any need to add configuration related to NAT ex..


nat (inside) 0 0.0.0 0.0.0.0.0 ???


Regards,

Syed

cisco24x7 Thu, 10/30/2008 - 04:39
User Badges:
  • Silver, 250 points or more

No. ASA, by default, will have "no nat-control"

enable.

csco11049253 Thu, 10/30/2008 - 04:46
User Badges:

I've done what you've suggested but still I can ping the other networks.


Regards,

Syed

cisco24x7 Thu, 10/30/2008 - 05:04
User Badges:
  • Silver, 250 points or more

post your config.


You must have other NATs on

the ASA. Once you enable PAT or STATIC NAT,

"no nat-control" becomes useless.

Actions

This Discussion