Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA without NAT

Hi all,

We've configured an ASA with simple architecture (PC - ASA - PC).

- We've configured interfaces and ACL permitting IP traffic.

PCs in inside and outside interface cannot ping each other.

We specified a STATIC (inside,outside) real_add_inside real_add_inside.

PCs in inside and outside interface can ping each other after adding this configuration.

We removed static configuration and the ASA is only configured with IP adress in each interface and ACL which permit all ip traffic.

After clearing xlate and rebooting ASA, PCs on inside and outside can always ping each other (as if removing the static configuration doesn't have impact on the connectivity between inside and outside).

We'd like to know if it is normal, if it is not necessary to configure NAT or STATIC to let inside and outside to communicate on ASA.

If so, what could be the reason ping doesn't work after first configuration.

4 REPLIES
Gold

Re: ASA without NAT

New Member

Re: ASA without NAT

Hi,

When reading the doc, it seems we need to configure STATIC and ACL to be able to access inside network from outside.

what seems strange for us is that we can access inside network without STATIC but only ACL applied on interface outside.

we really appreciate if you could give more explanation on it.

New Member

Re: ASA without NAT

PIX/ASA version 7.x and later have no nat-control, which means that by default you don't need to configure static statement. Default configuration of these versions of PIX?ASA doesn't require NAT.

If you want to have NAT required for all traffic passing thru, type nat-control. This will enable it.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

New Member

Re: ASA without NAT

Hi,

It's really helpfull, thanks a lot.

And what about FWSM, from each version nat-control is disabled?

309
Views
8
Helpful
4
Replies
CreatePlease to create content