handsy Wed, 05/20/2009 - 00:48
User Badges:

NAT is interface-specific, not global.

Daniela Herrera Wed, 05/20/2009 - 16:28
User Badges:

When nat-control is enabled a nat rule is needed for traffic between interfaces with different security levels.

I believe you can disable nat-control (no nat-control) and still use nat translations on the interfaces that you need to: inside to outside for example with a nat and global rule. But nothing on dmz to inside/outside.

BrinksArgentina Thu, 05/21/2009 - 09:20
User Badges:

I use nat excemption with acl in every interface because is less complex to understand and troubleshot.


This Discussion