Cisco Support Community

New Member

NAT on 8.0 (4)

I don't see any NAT config on the firewall, but the inside network can access the DMZ using only an ACL.

inside :


with ACL allowing to access from the inside without NAT.

Is this supposed to work without NAT at all? I mean, I don't see a "no nat" config either.



Re: NAT on 8.0 (4)

Firewall must be in Transparent mode.

In transparent mode there is no need of NAT.

1. Use the "show firewall" command and check the output to see whether the firewall is in transparent mode.

2. To return the firewall to routed mode, use the "no firewall transparent" command in global config mode.

3. In transparent mode, you can allow L3 traffic using extended access control lists.

HTH...rate if helpful..

New Member

Re: NAT on 8.0 (4)

It's in router mode...

Is NAT control disabled by default with this version?

Cisco Employee

Re: NAT on 8.0 (4)

If no nat-control is specified then you do not require NATTing (NAT TRANSLATIONS ARE BYPASSED)

Key Points for No Nat-Control:-

--All traffic leaving a PIX from a higher to lower security interface moves freely

--All traffic entering a PIX from a lower to higher security only requires an ACCESS-LIST

--NAT/GLOBAL pairs are needed only for traffic requiring address translation

For new configurations, NAT control is disabled by default; following configuration migration/upgrades, NAT-CONTROL is enabled so previous NAT behavior is maintained.

Do Rate If Helps !

New Member

Re: NAT on 8.0 (4)

Thanks for the replies.

But as I said, "no nat control" wasn't specified. Is it enabled by default on this version? When I show run, it doesn't show.

I have another version of ASA and NAT is in use. When I show run on that box, "nat-control" shows.

Cisco Employee

Re: NAT on 8.0 (4)

By default, NAT control is disabled, so you do not need to perform NAT on any networks unless you choose to perform NAT.

Since it's default behaviour, it will not show up in the sh run.

New Member

Re: NAT on 8.0 (4)

Thanks a lot.

Any documentation for this?

Cisco Employee

Re: NAT on 8.0 (4)

NAT Control:-

The security appliance translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing for the packet "CONTINUES". The EXCEPTION is when you enable NAT control using the nat-control command. NAT control requires that packets traversing from a higher security interface (inside) to a lower security interface (outside) match a NAT rule, or else processing for the packet stops. NAT is not required between same security level interfaces even if you enable NAT control. You can optionally configure NAT if desired.
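
The behaviour described in this thread, as an added example that is not part of any post: a small Python audit helper that reads a running-config, detects whether `nat-control` is present, and models the NAT decision exactly as the last reply states it. The sample config, interface names and function names are constructed for illustration, and the model covers only the rules quoted above.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Ethernet0/2
 nameif dmz
 security-level 50
!
access-list inside_in extended permit ip any any
"""

def parse_config(text):
    """Return (nat_control_enabled, {nameif: security_level})."""
    levels, current, nat_control = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = None                  # new interface block begins
        elif line == "nat-control":
            nat_control = True              # absent line = default (disabled)
        elif m := re.fullmatch(r"nameif (\S+)", line):
            current = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and current:
            levels[current] = int(m.group(1))
    return nat_control, levels

def nat_decision(nat_control, levels, src_if, dst_if, rule_matches):
    """Model the handling quoted above; ACLs are evaluated separately."""
    if rule_matches:
        return "translate"
    # NAT control only stops unmatched higher -> lower security traffic.
    if nat_control and levels[src_if] > levels[dst_if]:
        return "drop"
    return "forward-untranslated"

if __name__ == "__main__":
    nc, lv = parse_config(SAMPLE_CONFIG)
    print("nat-control:", nc)
    print("inside -> dmz, no NAT rule:", nat_decision(nc, lv, "inside", "dmz", False))
```

A result of `forward-untranslated` means the real inside addresses are visible on the destination segment, so the interface ACLs are the only control on that flow and deserve review.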