New Member

FWSM: no nat-control or nat-control

Dear All,

We're using FWSM with 2.3(4) s/w

We intend to do no nat-control.

However, Version 3.2 apparently can do this. How do we enable no nat-control or a similar function on v2.3?

One more requirement: ideally we would want no nat-control on some dmz1s/out paths and nat-control on some dmz2s/out paths.

Is this achievable in both 2.3 and 3.2?




Re: FWSM: no nat-control or nat-control

Instead of playing with nat-control, do the following.

Let's say your dmz1 subnet is /24

and you want to use this subnet from the outside interface as there is no NAT


static (dmz1, outside) netmask

and then make the permit ACL

because in FWSM, unlike ASA, traffic is denied by default, even from a higher security level to a lower one

and then if you have a device on dmz1 with IP you are going to see it from outside as

and this can be done between any two interfaces you want

Good luck

Please rate if helpful

New Member

Re: FWSM: no nat-control or nat-control

We're trying to initiate (say ping for now) connections from inside to unknown/dynamically known outsides.

I can use as outside to test. Should the (outside, dmz1) work, if reversed?

Does this directional change make any difference? In the meantime I'm going to (again!) test your suggestion.

Re: FWSM: no nat-control or nat-control

There is another way

Also try it and see

Let's say your inside network is

access-list 100 permit ip any

nat (inside) 1 access-list 100

global (outside) 1

Rate if helpful

New Member

Re: FWSM: no nat-control or nat-control

nat (inside) 0

nat (outside) 0

I tried the above and it is working OK for now.

Will try the suggestion when we need to mix and match.

Thank you, Marwanshawi.



Re: FWSM: no nat-control or nat-control

I'm glad it's working, because when I saw the rating of 3 I thought it didn't


New Member

Re: FWSM: no nat-control or nat-control

Thanks, it works with nat0

I'll be trying with nat1 later.

I also have another question, with v2.3, would nat 0 on one FWSM context and nat 1 on another context, but for the same interface/s work?

Re: FWSM: no nat-control or nat-control

Sure you can, because they are in different contexts, then the source will be different

and the NAT policy will work independently in each context
