Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

nat control

does the no nat control command disables the nat from low to high interface?

4 REPLIES
Cisco Employee

Re: nat control

From the command reference:

The difference between the no nat-control command and the nat 0 (identity NAT) command is that identity NAT requires that traffic be initiated from the local host. The no nat-control command does not have this requirement, nor does it require a static command to allow communication to inside hosts.

Disabling NAT control is similar to the same security level communication feature, which allows communication between two interfaces of the same security level without configuring a NAT rule, except that the NAT control feature is between hosts instead of interfaces.

http://www.cisco.com/en/US/partner/products/ps6120/products_command_reference_chapter09186a00805fd87f.html#wp1584176

Hope it helps

Franco Zamora

New Member

Re: nat control

so in general if no nat-control is used does it apply to all the traffic originating from interfaces that doesnot need nat,static etc

Cisco Employee

Re: nat control

Allows the traffic if the ACL is properly set.

Franco Zamora

Silver

Re: nat control

disabling nat-control allows all traffic to pass from a higher security interface to a lower security interface (inside -> outside) even if it doesn't match a nat rule.

This does not affect low to high (outside -> inside) the normal rules still apply for this.

Here is a good explination on nat-control

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/nat.htm#wp1065218

188
Views
0
Helpful
4
Replies
CreatePlease to create content