09-27-2006 10:50 AM - edited 03-09-2019 04:19 PM
what is the functionality of nat-control st.
09-27-2006 12:47 PM
Hello,
The nat-control statement mandates that a translation policy be defined before hosts on the inside can send traffic out. Without this statement the appliance does not require the address to be translated.
Note that even with nat-control you can bypass translation by using "Identity NAT" or "NAT exemption"
Regards
Pradeep
09-27-2006 01:51 PM
the translation policy here means nat , global commands or the ACL
09-27-2006 02:49 PM
what is the consequence of the following
int(conf)#nat (inside) 1 10.0.1.0 255.255.255.0
int(conf)#nat (inside) 1 10.0.2.0 255.255.255.0
int(conf)#nat (dmz) 1 172.16.1.0 255.255.255.0
int(conf)#global (outside) 1 192.168.1.20-192.168.1.254 255.255.255.0
int(conf)#nat-control
do all the internal n/w hosts will be able to access ouotside?
09-27-2006 06:48 PM
Hi .. yes assuming the access-list applied to the respective interface allows outbound traffic then the networks
10.0.1.0
10.0.2.0
172.16.1.0
will be able to connect to outside and they will appear as 192.168.1.X
I hope it helps .. please rate if it does !!!
09-28-2006 04:10 AM
Yes they will be able to get out.
Another way to look at having the nat-control statement is that if packets matches a nat/pat policy then they will get translated otherwise they will be dropped. In the absense of the nat-control statment all packets will be allowed through translated or not - off course the non-translated ip's must be publicly routable.
Regards
Pradeep
09-28-2006 08:14 AM
so how can a specific inside interface be blocked in the presence of nat-control
09-28-2006 09:37 AM
In that situation make sure the host(s) or subnet has no address translation defined. This means you must not have any NAT/PAT policy, Indentity NAT, or NAT exemption defined for that network.
Regards
Pradeep
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: