
PIX NO-NAT-Control

wasiimcisco
Level 1

I have a PIX firewall 535 with IOS 7.x version. I have enabled it with no-nat-control. To my understanding, with this no-nat-control, traffic from a higher security level to a lower security level is allowed if there is no access-list, but from low to high there is still a need for a static and an access-list. But in my case traffic from low to high is permitted without a static. My outside network users are able to reach the inside network without a static.

Please tell me why it is so: why is low to high permitted without a static, or is it the normal behaviour?

1 Reply

srue
Level 7

With "no nat-control", IP addresses on a higher security level interface do not need any sort of NAT translation to go to a lower security level interface. This has nothing to do with ACLs (unless you're talking about policy NAT).

IPs on a lower security level interface never need a NAT translation entry to go to a higher security level interface.

If "nat-control" is enabled, IPs on a higher security level interface need some sort of NAT statement when going to a lower security level interface.

Things get even fuzzier with regards to same security level interfaces.
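
Added example, not part of the original thread: a PIX 7.x fragment for checking what governs outside-to-inside access when no translation is required, and for limiting it with an inbound access-list. The ACL name `OUTSIDE_IN` and the host `10.10.10.20` are constructed placeholders.

```cisco
! Constructed example: names and addresses are placeholders, not taken from the thread.
!
! 1. Check the current state from privileged EXEC mode.
!    Is NAT control on or off?
show running-config nat-control
!    Which access-list, if any, is bound to each interface?
show running-config access-group
!    What do those access-lists permit, and are the entries being hit?
show access-list
!    Are there any translation entries at all?
show xlate
!
! 2. With "no nat-control" and no static, NAT does not restrict connections
!    initiated from the outside interface. The access-list applied inbound
!    on that interface decides what reaches the inside network, so keep it
!    as narrow as the service requires.
configure terminal
no nat-control
! Permit only the published service on one inside host (placeholder address).
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.20 eq 443
! Log everything else that is dropped so unexpected reachability is visible.
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

If outside hosts still reach inside addresses that the access-list does not permit, compare the hit counts in `show access-list` against the traffic to find which entry is matching.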
