10-30-2008 03:18 AM - edited 03-11-2019 07:05 AM
Hi,
I have an ASA5520 which is to be deployed in out internal network and the following subnets are configured..
outside -> 10.1.127.0 -> security level 0
inside -> 10.1.110.0 -> security level 100
We want the firewall to work more as a router only with no nat configuration at the same time the source & destination address should be able to ping each without compromising on security.
Regards,
Syed
10-30-2008 04:26 AM
no nat-control.
access-list outside permit ip any any log
access-group outside in interface outside
Now you have a router.
10-30-2008 04:31 AM
Thanks,
Is there any need to add configuration related to NAT ex..
nat (inside) 0 0.0.0 0.0.0.0.0 ???
Regards,
Syed
10-30-2008 04:39 AM
No. ASA, by default, will have "no nat-control"
enable.
10-30-2008 04:46 AM
I've done what you've suggested but still I can ping the other networks.
Regards,
Syed
10-30-2008 05:04 AM
post your config.
You must have other NATs on
the ASA. Once you enable PAT or STATIC NAT,
"no nat-control" becomes useless.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide