ASA without NAT

Unanswered Question
May 22nd, 2009

Hi all,

We've configured an ASA with simple architecture (PC - ASA - PC).

- We've configured interfaces and ACL permitting IP traffic.

PCs in inside and outside interface cannot ping each other.

We specified a STATIC (inside,outside) real_add_inside real_add_inside.

PCs in inside and outside interface can ping each other after adding this configuration.

We removed static configuration and the ASA is only configured with IP adress in each interface and ACL which permit all ip traffic.

After clearing xlate and rebooting ASA, PCs on inside and outside can always ping each other (as if removing the static configuration doesn't have impact on the connectivity between inside and outside).

We'd like to know if it is normal, if it is not necessary to configure NAT or STATIC to let inside and outside to communicate on ASA.

If so, what could be the reason ping doesn't work after first configuration.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
harinirina Fri, 05/22/2009 - 05:15


When reading the doc, it seems we need to configure STATIC and ACL to be able to access inside network from outside.

what seems strange for us is that we can access inside network without STATIC but only ACL applied on interface outside.

we really appreciate if you could give more explanation on it.

romapopov Fri, 05/22/2009 - 11:15

PIX/ASA version 7.x and later have no nat-control, which means that by default you don't need to configure static statement. Default configuration of these versions of PIX?ASA doesn't require NAT.

If you want to have NAT required for all traffic passing thru, type nat-control. This will enable it.

harinirina Tue, 05/26/2009 - 06:24


It's really helpfull, thanks a lot.

And what about FWSM, from each version nat-control is disabled?


This Discussion