Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

static NAT and NAT 0 in cisco PIX and ASA

Hi,

I have a question about NAT in cisco Firewalls (PIX and ASA).

I have the inside, outside, DMZ1 and DMZ2 zones, I dont want to enable NAT between these zones. I find that the use of static NAT is more difficult then the NAT 0 ( it needs more configuration lines ). can i use the NAT 0 ??

what's the difference between the static NAT and the NAT 0 in this case ??

Thank you for your comprehension.

Best regards,

Nour-Eddine

1 REPLY

Re: static NAT and NAT 0 in cisco PIX and ASA

Yeah Nour


You can get it done with NAT 0.. with NAT 0 , the zones would obviously see the same IP address between themselves.. with the newer IOS in ASA, you have a command "no nat-control" which negates NAT between zones.. the only thing is, with NAT0, if you enable it for subnet, any host/server on the zones will be accessed from the other zone.. with static NAT, you have more control on the network, with whatever you want to allow.. as an administrator, any new PC or component on the network will not be accessed unless you specify a NAT statement.. If i were you i would do a NAT for critical components, and then allow access, but I have also seen a lot of networks with NAT 0...

Thanks & Regards

Raj

570
Views
0
Helpful
1
Replies
CreatePlease to create content