Daniela Herrera Wed, 05/20/2009 - 16:28

When nat-control is enabled a nat rule is needed for traffic between interfaces with different security levels.

I believe you can disable nat-control (no nat-control) and still use nat translations on the interfaces that you need to: inside to outside for example with a nat and global rule. But nothing on dmz to inside/outside.


BrinksArgentina Thu, 05/21/2009 - 09:20

I use nat excemption with acl in every interface because is less complex to understand and troubleshot.


Actions

This Discussion