Can someone explain to me what the use of the commands nat-control and no nat-control is on the ASA? I am a newbie to ASA.
I tried to search a lot on the internet but I didn't find a simple and explanatory answer.
Please, can anyone help me out?

That depends upon your requirement. You could hide your internal clients
behind a DMZ address by using NAT (if you want it to be more secure) or you
can certainly use NAT exemption. One drawback of NAT exemption (access-list
based nat 0 configuration) is that it will allow bi-directional connections.
So, anybody from the DMZ can open connections to your internal network. Dynamic
PAT on the DMZ interface will ensure that nobody is allowed to open an
unauthorized connection from the DMZ to the inside.
In the reverse path, if you would like, you can force all your internal
clients to browse that server using its public IP as well. If you have an
internal DNS server that resolves all DNS queries for your domain, you have
the freedom of setting the A record for your website to either the public
IP or the private IP based on your requirements. If you decide that you want to
use the public IP, then you will need to use Static NAT. If you want to use
the private IP, then you do not need to do anything. But if you want to use both
addresses, then you need to make use of policy-nat configurations.
Hope this helps.
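
The two inside-to-DMZ options contrasted in the answer above, written out as an added example that is not part of the original post, in the pre-8.3 ASA syntax the answer refers to (nat 0 with an access list). The interface names, the addresses and the ACL name NONAT-DMZ are assumptions made up for illustration.

```text
! Constructed example: inside = 10.1.1.0/24, dmz = 192.168.100.0/24.
! Interface names, addresses and the ACL name are hypothetical.

! Option A: NAT exemption (access-list based nat 0).
! Inside hosts appear on the DMZ with their real addresses and no
! translation is needed in either direction, so a DMZ host can address
! an inside host directly. Whether that connection is accepted is then
! decided only by the access list applied to the dmz interface.
access-list NONAT-DMZ extended permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT-DMZ

! Option B: dynamic PAT on the DMZ interface.
! Inside hosts are hidden behind the ASA's own dmz interface address.
! Translations are created only by connections opened from the inside,
! so a DMZ host cannot open a new connection to an inside host
! through this rule.
nat (inside) 1 10.1.1.0 255.255.255.0
global (dmz) 1 interface
```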