nat control

Unanswered Question
fzamora Mon, 10/16/2006 - 15:57
User Badges: Cisco Employee

From the command reference:


The difference between the no nat-control command and the nat 0 (identity NAT) command is that identity NAT requires that traffic be initiated from the local host. The no nat-control command does not have this requirement, nor does it require a static command to allow communication to inside hosts.


Disabling NAT control is similar to the same security level communication feature, which allows communication between two interfaces of the same security level without configuring a NAT rule, except that the NAT control feature is between hosts instead of interfaces.


http://www.cisco.com/en/US/partner/products/ps6120/products_command_reference_chapter09186a00805fd87f.html#wp1584176


Hope it helps


Franco Zamora

fzamora Tue, 10/17/2006 - 05:41

Allows the traffic if the ACL is properly set.


Franco Zamora

cpembleton Fri, 10/20/2006 - 06:44

Disabling nat-control allows all traffic to pass from a higher security interface to a lower security interface (inside -> outside) even if it doesn't match a NAT rule.


This does not affect low to high (outside -> inside); the normal rules still apply for this.


Here is a good explanation of nat-control:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/nat.htm#wp1065218
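
The behaviour discussed in this thread, side by side, as an added example that is not from any post above or from Cisco's documentation. The interface names, addresses and the ACL name `outside_in` are constructed assumptions for an ASA 7.x configuration.

```cisco
! Constructed ASA 7.x fragment; interface names, addresses and the ACL
! name are assumptions, not values from the thread.

! --- Variant A: NAT control enabled ---
nat-control
! Inside hosts need a matching NAT rule before they can reach outside.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface
! A host that must keep its real address needs identity NAT, and per the
! command reference the traffic must then be initiated from that host.
nat (inside) 0 10.1.2.10 255.255.255.255
! Outside-initiated access to an inside server needs a static plus an ACL.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-group outside_in in interface outside

! --- Variant B: NAT control disabled ---
no nat-control
! Hosts that match a NAT rule are still translated.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface
! Hosts with no matching rule (for example 10.1.2.10) pass untranslated;
! no nat 0 or static entry is required for them. The interface ACL is
! then the only gate for outside-initiated traffic, so keep it narrow.
access-list outside_in extended permit tcp any host 10.1.2.10 eq 443
access-group outside_in in interface outside
```

`show running-config nat-control` reports which of the two modes is active; when it shows `no nat-control`, review the ACL applied to the lower-security interface as the control that decides what reaches inside hosts.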
