static NAT and NAT 0 in cisco PIX and ASA

Unanswered Question
Feb 2nd, 2010

Hi,

I have a question about NAT in cisco Firewalls (PIX and ASA).

I have the inside, outside, DMZ1 and DMZ2 zones, I dont want to enable NAT between these zones. I find that the use of static NAT is more difficult then the NAT 0 ( it needs more configuration lines ). can i use the NAT 0 ??

what's the difference between the static NAT and the NAT 0 in this case ??

Thank you for your comprehension.

Best regards,

Nour-Eddine

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Tue, 02/02/2010 - 07:12

Yeah Nour


You can get it done with NAT 0.. with NAT 0 , the zones would obviously see the same IP address between themselves.. with the newer IOS in ASA, you have a command "no nat-control" which negates NAT between zones.. the only thing is, with NAT0, if you enable it for subnet, any host/server on the zones will be accessed from the other zone.. with static NAT, you have more control on the network, with whatever you want to allow.. as an administrator, any new PC or component on the network will not be accessed unless you specify a NAT statement.. If i were you i would do a NAT for critical components, and then allow access, but I have also seen a lot of networks with NAT 0...

Thanks & Regards

Raj

Actions

This Discussion