Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

My ASA 5520 route without setting up an exepmtion nat

I issue a clear configure all, setup the interfaces and with this minimal configuration, a PC conected to the DMZ interface, can contact the router on the outside.

The ASA routes ip and (this is a lab) cause the router has the ASA as defaut gateway, the packets return to DMZ host.

But there is no Nat Exemption in the configuration!! How can it work?

ASA5520-K8, Version 8.0(2)

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: My ASA 5520 route without setting up an exepmtion nat

you need to read the documentation more

carefully. Starting with Pix 7.x and higher,

"no nat-control" is the default on pix

and ASA. Basically, the pix IS a router.

However, the basic principle still applies.

In other words, you still need ACL for low

to get to high.

CCIE Security

2 REPLIES
Silver

Re: My ASA 5520 route without setting up an exepmtion nat

you need to read the documentation more

carefully. Starting with Pix 7.x and higher,

"no nat-control" is the default on pix

and ASA. Basically, the pix IS a router.

However, the basic principle still applies.

In other words, you still need ACL for low

to get to high.

CCIE Security

Community Member

Re: My ASA 5520 route without setting up an exepmtion nat

I read NAT chapter again and I found that. The ASA routes packets if no NAT roule is set for the interface.

"Interfaces at the same security level are not required to use NAT to communicate. However, if you configure dynamic NAT or PAT on a same security interface, then all traffic from the interface to a same security interface or an outside interface must match a NAT rule, as shown"

Cisco Security Appliance Command Line

Configuration Guide--

Thanks!

244
Views
0
Helpful
2
Replies
CreatePlease to create content