If nat-control is enabled, you must configure a NAT rule before an inside host can communicate with any outside networks. The no nat-control command allows inside hosts to communicate with outside networks without configuring a NAT rule. Only hosts that undergo NAT need to have a NAT rule configured.
Two NAT policies are used to perform address translation on each packet that traverses the security appliance, an inside NAT policy and an outside NAT policy. If the nat-control command is enabled, each inside address must have an inside NAT rule before communication is permitted through the security appliance. Additionally, if outside dynamic NAT is enabled on an interface, each outside address must have an outside NAT rule before communication is permitted through the security appliance.
If the no nat-control command is configured and no NAT policy matches, an address rewrite is not performed and processing continues. The default is NAT control disabled (no nat-control command).
Note: To ensure backward compatibility, the nat-control command is automatically enabled if the startup configuration is six or lower.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...