Solved: Re: ASA-5540 used for IPSec VPN only - can I do away with Nat 0?

jkeeffe · ‎01-28-2010

I am going to use an ASA-5540 as our VPN head-end termination device only - and not as a firewall.

Also, we have a routeable class-B address for our internal enterprise address space, so we have no need to NAT. I'd like to turn off the NAT 0 function if I can so I don't have to always add to the NAT 0 just to make sure that the 5540 does not NAT.

Is there any easy way to disable the need use NAT 0?

Are there any draw backs to doing that?

yamramos.tueme · ‎02-04-2010

You can disable the use of nat 0 by disabling nat-control.

To get this done, go to global config mode and use this command:

no nat-control

To check if you have it enabled or not, you can check it with:

sh run nat-control

Cheers!

- Yamil

View solution in original post

yamramos.tueme · ‎02-04-2010

You can disable the use of nat 0 by disabling nat-control.

To get this done, go to global config mode and use this command:

no nat-control

To check if you have it enabled or not, you can check it with:

sh run nat-control

Cheers!

- Yamil

yamramos.tueme · ‎02-04-2010

You can disable the use of nat 0 by disabling nat-control.

To get this done, go to global config mode and use this command:

no nat-control

To check if you have it enabled or not, you can check it with:

sh run nat-control

Cheers!

- Yamil

yamramos.tueme · ‎02-04-2010

You can disable the use of nat 0 by disabling nat-control.

To get this done, go to global config mode and use this command:

no nat-control

To check if you have it enabled or not, you can check it with:

sh run nat-control

Cheers!

- Yamil