cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
358
Views
0
Helpful
4
Replies

nat control

aksher
Level 1
Level 1

does the no nat control command disables the nat from low to high interface?

4 Replies 4

fzamora
Cisco Employee
Cisco Employee

From the command reference:

The difference between the no nat-control command and the nat 0 (identity NAT) command is that identity NAT requires that traffic be initiated from the local host. The no nat-control command does not have this requirement, nor does it require a static command to allow communication to inside hosts.

Disabling NAT control is similar to the same security level communication feature, which allows communication between two interfaces of the same security level without configuring a NAT rule, except that the NAT control feature is between hosts instead of interfaces.

http://www.cisco.com/en/US/partner/products/ps6120/products_command_reference_chapter09186a00805fd87f.html#wp1584176

Hope it helps

Franco Zamora

so in general if no nat-control is used does it apply to all the traffic originating from interfaces that doesnot need nat,static etc

Allows the traffic if the ACL is properly set.

Franco Zamora

cpembleton
Level 4
Level 4

disabling nat-control allows all traffic to pass from a higher security interface to a lower security interface (inside -> outside) even if it doesn't match a nat rule.

This does not affect low to high (outside -> inside) the normal rules still apply for this.

Here is a good explination on nat-control

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/nat.htm#wp1065218

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: