Was wondering if anyone could provide me with or link me to a good explanation of nat-control. I remember a course instructor telling me with it disabled, the ASA acts basically like a router. Is this really the case?
I'd like to avoid all the complex NAT configuration issues involved with configuring multiple DMZs, and I was hoping that with nat-control disabled this would be the case.
I still require inside to outside nat translations and certain hosts on my public dmz to translate when they access the internet for certain services as well as static nat translations for internet facing servers.
Then I have my private DMZ that needs to talk to the public DMZ and vice versa, which I would prefer not to have to configure NAT for.
Am I doomed to nat hell or will disabling nat-control be my saviour?
Thanking all in advance.
P.S. I'm waiting on the arrival of my new ASA 5520 to replace my PIX 515E v6.3, so I haven't had a chance to play with it yet.
With nat-control turned on, traffic going from an inside network to an outside network has to match a NAT statement or the packet is dropped. With nat-control turned off, if a packet doesn't match a NAT rule it is left with the original address and sent on its merry way.
It is more secure to use nat-control, as it only allows known IPs to traverse the firewall.
Setting up NAT from one DMZ to another is easy to do. Just use the subnets and it's 1 statement.
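The two modes described in the reply above, sketched as a configuration fragment. This is an added example, not part of the original posts: it assumes the pre-8.3 ASA NAT syntax (where the `nat-control` command exists), and the interface names, security levels and all addresses are constructed for illustration.

```cisco
! Assumed (constructed) layout:
!   inside   10.10.0.0/24     security-level 100
!   privdmz  10.20.0.0/24     security-level 60
!   pubdmz   192.168.10.0/24  security-level 40
!   outside  203.0.113.0/24   security-level 0
!
! --- Mode A: nat-control enabled -------------------------------------
! Traffic from a higher- to a lower-security interface must match a NAT
! rule or it is dropped.
nat-control
! The "1 statement" between DMZs: an identity static that maps the
! private DMZ subnet to itself, so no addresses actually change.
static (privdmz,pubdmz) 10.20.0.0 10.20.0.0 netmask 255.255.255.0
!
! --- Mode B: nat-control disabled ------------------------------------
! privdmz has no NAT rule, so its traffic towards pubdmz is forwarded
! with its original addresses; the identity static above is not required.
no nat-control
!
! --- Wanted in either mode -------------------------------------------
! Inside hosts share the outside interface address (dynamic PAT).
nat (inside) 1 10.10.0.0 255.255.255.0
global (outside) 1 interface
! Internet-facing server in the public DMZ: one-to-one static NAT.
static (pubdmz,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255
```

In both modes, interface access lists and security levels still decide which flows are permitted; nat-control only determines whether a packet with no matching NAT rule is dropped or forwarded untranslated.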