Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT on the ASA- Help!

I'm pulling the configs off our old 515 firewalls and putting them on our new ASA 5500's. On the 515, we were NATng everything inside to a public address tied to the outside interface (not the interface address itself). Here is the config for the inside NAT

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 x.x.x.x

I also have similiar NAT statements on other interfaces on the PIX, all which are similiar as my inside NAT config.

My question is, do I need to enable nat-control on the ASAs to make it behave the same way as my 515s? I'm a little confused as to whether its needed or not?

2 REPLIES
Bronze

Re: NAT on the ASA- Help!

nat-control will make it mandatory for all traffic goint through the ASA to be NATed, with "no nat-control" you can have traffic with NAT 0 (no nat) goint through the firewall. If you use nat 0 you need "no nat-control" if you dont use nat 0 it makes no difference having or not nat control.

This is the information another member of NETPRO told me in an old post.

New Member

Re: NAT on the ASA- Help!

If you want to change device and to keep current configuration, best way to do this is to use new tool Pix-to-Asa migration tool.

It will change your configuration to adopt it to asa.

137
Views
5
Helpful
2
Replies
CreatePlease login to create content