Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
753
Views
0
Helpful
4
Replies

No-nat on Asa

oybsteria
Level 1
Level 1

‎05-20-2009 12:36 AM - edited ‎03-11-2019 08:34 AM

Is it possible to turn off nat on some interfaces and use nat rules towards internet? Or do i have to use nat on all other interfaces when i enable nat on one?

Labels:
0 Helpful
4 Replies 4

handsy
Level 1
Level 1

‎05-20-2009 12:48 AM

NAT is interface-specific, not global.

0 Helpful

BrinksArgentina
Level 1
Level 1

‎05-20-2009 10:38 AM

You can create a NAT exemption to disable NAT. This uses an access-list and a nat command.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_bypassing.html

access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0

nat (inside) 0 access-list noNATinside

0 Helpful

Daniela Herrera
Level 1
Level 1
In response to BrinksArgentina

‎05-20-2009 04:28 PM

When nat-control is enabled a nat rule is needed for traffic between interfaces with different security levels.

I believe you can disable nat-control (no nat-control) and still use nat translations on the interfaces that you need to: inside to outside for example with a nat and global rule. But nothing on dmz to inside/outside.

0 Helpful

BrinksArgentina
Level 1
Level 1
In response to Daniela Herrera

‎05-21-2009 09:20 AM

I use nat excemption with acl in every interface because is less complex to understand and troubleshot.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card