Cisco Support Community
New Member

No-nat on Asa

Is it possible to turn off NAT on some interfaces and use NAT rules towards the internet? Or do I have to use NAT on all other interfaces when I enable NAT on one?

4 REPLIES
New Member

Re: No-nat on Asa

NAT is interface-specific, not global.

New Member

Re: No-nat on Asa

You can create a NAT exemption to disable NAT. This uses an access-list and a nat command.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_bypassing.html

access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0

nat (inside) 0 access-list noNATinside

New Member

Re: No-nat on Asa

When nat-control is enabled a nat rule is needed for traffic between interfaces with different security levels.

I believe you can disable nat-control (no nat-control) and still use nat translations on the interfaces that you need to: inside to outside for example with a nat and global rule. But nothing on dmz to inside/outside.

New Member

Re: No-nat on Asa

I use NAT exemption with an ACL on every interface because it is less complex to understand and troubleshoot.
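The pieces mentioned in the replies, combined into one configuration as an added example (not posted by any participant in this thread). It uses the pre-8.3 syntax of the linked ASA 8.2 guide; the interface names inside, outside and dmz and the packet-tracer host addresses are assumptions.

```cisco
! Constructed example, ASA 8.2 (pre-8.3) NAT syntax.
! Interface names (inside, outside, dmz) are assumed.

! Without nat-control, traffic that matches no NAT rule is passed
! untranslated; it is still subject to access rules and security levels.
no nat-control

! 1. NAT exemption: inside hosts reach 10.0.0.0/8 with their real addresses.
!    (ACL and nat 0 statement as posted in the second reply.)
access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list noNATinside

! 2. Dynamic PAT towards the internet for the same inside hosts.
!    NAT exemption is evaluated before dynamic NAT, so traffic to
!    10.0.0.0/8 never reaches this rule.
nat (inside) 1 192.168.0.0 255.255.252.0
global (outside) 1 interface

! 3. No nat/global statement references dmz, so dmz traffic is not translated.

! Verification (host addresses below are constructed samples):
! show running-config nat
! show xlate
! packet-tracer input inside tcp 192.168.0.10 1025 10.1.1.1 80
```

NAT exemption only removes address translation. It does not permit traffic by itself, so the interface access-lists still decide which exempted flows are allowed, and the real inside addresses become visible to the destination network.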
