11-02-2010 01:40 PM
Is there an equivalent command in 8.3.2 to turn off NAT; i.e. no nat-control?
I think it used to be in v7.2 but can't find it in 8.3.2. I'm using this 5540 strictly for an IPSec VPN lan-2-lan tunnel head-end and do not need to NAT at all. If I can turn off NAT, then I won't have to deal with the obnoxious nat_0 ACL that grows and grows and grows. Is it possible in 8.3.2?
11-02-2010 02:02 PM
Hi,
The nat-control command was removed in version 8.3.
The nat-control command is deprecated. To maintain the requirement that all traffic from a higher security interface to a lower security interface be translated, a NAT rule will be inserted at the end of section 2 for each interface to disallow any remaining traffic. The nat-control command was used for NAT configurations defined with earlier versions of the adaptive security appliance. The best practice is to use access rules for access control instead of relying on the absence of a NAT rule to prevent traffic through the adaptive security appliance.
Check the following link for the nat-control migration information:
http://www.cisco.com/en/US/partner/docs/security/asa/asa83/upgrading/migrating.html#wp60212
Federico.
11-02-2010 02:11 PM
Is it possible to send me the document? It is in a partner section of CCO which I do not have access to. My e-mail is keeffe.j@ghc.org. Thanks!
11-02-2010 02:14 PM
You can check the link here without needing CCO access:
http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp60212
Federico.