05-20-2009 12:36 AM - edited 03-11-2019 08:34 AM
Is it possible to turn off NAT on some interfaces and use NAT rules towards the internet? Or do I have to use NAT on all other interfaces when I enable NAT on one?
05-20-2009 12:48 AM
NAT is interface-specific, not global.
05-20-2009 10:38 AM
You can create a NAT exemption to disable NAT. This uses an access-list and a nat command.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_bypassing.html
access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list noNATinside
05-20-2009 04:28 PM
When nat-control is enabled, a NAT rule is needed for traffic between interfaces with different security levels.
I believe you can disable nat-control (no nat-control) and still use NAT translations on the interfaces where you need them: inside to outside, for example, with a nat and global rule, but nothing on dmz to inside/outside.
05-21-2009 09:20 AM
I use NAT exemption with an ACL on every interface because it is less complex to understand and troubleshoot.
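Added example, not written by any participant in this thread: the suggestions above combined into one pre-8.3 ASA configuration, so that only inside-to-outside traffic is translated. The interface names (inside, outside, dmz) and the subnets are taken from the posts; the NAT ID 1 and the choice of interface PAT are assumptions.

```cisco
! Assumed pre-8.3 ASA syntax (nat/global pairs), matching the commands quoted in the thread.

! With nat-control off, traffic that matches no NAT rule passes untranslated.
! It is still subject to interface access rules and security levels.
no nat-control

! NAT exemption: inside hosts talking to 10.0.0.0/8 keep their real addresses.
! nat 0 with an access-list is evaluated before the dynamic rule below.
access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list noNATinside

! Dynamic PAT for everything else leaving inside towards the internet.
! NAT ID 1 is an arbitrary choice; it only has to match between nat and global.
nat (inside) 1 192.168.0.0 255.255.252.0
global (outside) 1 interface

! No nat or global statement for dmz: dmz-to-inside and dmz-to-outside
! flows are left untranslated.
```

`show running-config nat` and `show xlate` confirm which rules are configured and which translations are actually being built.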