cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
585
Views
8
Helpful
4
Replies

ASA without NAT

harinirina
Level 1
Level 1

Hi all,

We've configured an ASA with simple architecture (PC - ASA - PC).

- We've configured interfaces and ACL permitting IP traffic.

PCs in inside and outside interface cannot ping each other.

We specified a STATIC (inside,outside) real_add_inside real_add_inside.

PCs in inside and outside interface can ping each other after adding this configuration.

We removed static configuration and the ASA is only configured with IP adress in each interface and ACL which permit all ip traffic.

After clearing xlate and rebooting ASA, PCs on inside and outside can always ping each other (as if removing the static configuration doesn't have impact on the connectivity between inside and outside).

We'd like to know if it is normal, if it is not necessary to configure NAT or STATIC to let inside and outside to communicate on ASA.

If so, what could be the reason ping doesn't work after first configuration.

4 Replies 4

srue
Level 7
Level 7

Hi,

When reading the doc, it seems we need to configure STATIC and ACL to be able to access inside network from outside.

what seems strange for us is that we can access inside network without STATIC but only ACL applied on interface outside.

we really appreciate if you could give more explanation on it.

PIX/ASA version 7.x and later have no nat-control, which means that by default you don't need to configure static statement. Default configuration of these versions of PIX?ASA doesn't require NAT.

If you want to have NAT required for all traffic passing thru, type nat-control. This will enable it.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

Hi,

It's really helpfull, thanks a lot.

And what about FWSM, from each version nat-control is disabled?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: