
Nat-control on ASA-5540 v8.3.2?

Is there an equivalent command in 8.3.2 to turn off NAT; i.e. no nat-control?

I think it used to be in v7.2 but can't find it in 8.3.2. I'm using this 5540 strictly for an IPSec VPN lan-2-lan tunnel head-end and do not need to NAT at all. If I can turn off NAT, then I won't have to deal with the obnoxious nat_0 ACL that grows and grows and grows. Is it possible in 8.3.2?


3 REPLIES

Re: Nat-control on ASA-5540 v8.3.2?

Hi,

The nat-control command was removed in version 8.3.

The nat-control command is deprecated. To maintain the requirement that all traffic from a higher security interface to a lower security interface be translated, a NAT rule will be inserted at the end of section 2 for each interface to disallow any remaining traffic. The nat-control command was used for NAT configurations defined with earlier versions of the adaptive security appliance. The best practice is to use access rules for access control instead of relying on the absence of a NAT rule to prevent traffic through the adaptive security appliance.

Check the following link for the nat-control migration information:

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/upgrading/migrating.html#wp60212

Federico.


Re: Nat-control on ASA-5540 v8.3.2?

Is it possible to send me the document? It is in a partner section of CCO which I do not have access to. My e-mail is keeffe.j@ghc.org. Thanks!

Re: Nat-control on ASA-5540 v8.3.2?

You can check the link here without needing CCO access:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp60212

Federico.
