cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1028
Views
0
Helpful
7
Replies

nat-control

aksher
Level 1
Level 1

what is the functionality of nat-control st.

7 Replies 7

pmajumder
Level 3
Level 3

Hello,

The nat-control statement mandates that a translation policy be defined before hosts on the inside can send traffic out. Without this statement the appliance does not require the address to be translated.

Note that even with nat-control you can bypass translation by using "Identity NAT" or "NAT exemption"

Regards

Pradeep

the translation policy here means nat , global commands or the ACL

what is the consequence of the following

int(conf)#nat (inside) 1 10.0.1.0 255.255.255.0

int(conf)#nat (inside) 1 10.0.2.0 255.255.255.0

int(conf)#nat (dmz) 1 172.16.1.0 255.255.255.0

int(conf)#global (outside) 1 192.168.1.20-192.168.1.254 255.255.255.0

int(conf)#nat-control

do all the internal n/w hosts will be able to access ouotside?

Hi .. yes assuming the access-list applied to the respective interface allows outbound traffic then the networks

10.0.1.0

10.0.2.0

172.16.1.0

will be able to connect to outside and they will appear as 192.168.1.X

I hope it helps .. please rate if it does !!!

Yes they will be able to get out.

Another way to look at having the nat-control statement is that if packets matches a nat/pat policy then they will get translated otherwise they will be dropped. In the absense of the nat-control statment all packets will be allowed through translated or not - off course the non-translated ip's must be publicly routable.

Regards

Pradeep

so how can a specific inside interface be blocked in the presence of nat-control

In that situation make sure the host(s) or subnet has no address translation defined. This means you must not have any NAT/PAT policy, Indentity NAT, or NAT exemption defined for that network.

Regards

Pradeep

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: