
NO-NAT-CONTROL

Hi,

I have a PIX 535 firewall with IOS 7.x version. I have enabled it with no-nat-control. To my understanding, with no-nat-control, traffic from a higher security level to a lower security level is allowed if there is no access-list, but traffic from low to high still needs a static and an access-list. But in my case traffic from low to high is permitted without a static. My outside network users are able to reach the inside network without a static.

Please tell me why this is so: why is low to high permitted without a static, or is it the normal behaviour?

2 REPLIES

Re: NO-NAT-CONTROL

1) no nat-control allows traffic to pass thru the device without being nat'd.

2) Traffic from a higher security level interface to a lower security level interface is allowed regardless of NAT and/or ACL.

3) Traffic from a lower security level to a higher security level does require an ACL to allow it - unless you have configured interfaces with the SAME security level and have configured "same-security-traffic permit", in which case same security interfaces can talk without an ACL.

4) Have you configured any ACLs and applied them to the outside interface? Like:

access-list permit-all extended permit ip any any

access-group permit-all in interface outside

HTH.
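
As an added example (not part of the original thread and not a Cisco tool), the Python below checks a running configuration for the condition point 4 asks about: an ACL containing `permit ip any any` bound inbound to an interface, and which higher security level interfaces that opens. The sample configuration is constructed in PIX 7.x style, and the names `audit` and `SAMPLE_CONFIG` are hypothetical.

```python
import re

# Constructed sample in PIX 7.x running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
no nat-control
access-list permit-all extended permit ip any any
access-group permit-all in interface outside
"""

def audit(config):
    """Return one finding per interface whose inbound ACL permits all IP traffic."""
    levels, acls, groups = {}, {}, {}
    nat_control = None  # None means no explicit nat-control statement was seen
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, name not known yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))
        elif line in ("nat-control", "no nat-control"):
            nat_control = line == "nat-control"
        elif m := re.match(r"access-list (\S+) extended (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", line):
            groups[m.group(2)] = m.group(1)
    findings = []
    for ifname, acl in groups.items():
        if "permit ip any any" not in acls.get(acl, []):
            continue
        # Interfaces with a higher security level are reachable through this ACL.
        exposed = sorted(n for n, lvl in levels.items()
                         if lvl > levels.get(ifname, 0))
        findings.append({"interface": ifname, "acl": acl,
                         "exposed": exposed, "nat_control": nat_control})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A finding with `nat_control` set to `False` matches the behaviour in the question: the ACL alone admits outside traffic to the listed interfaces, with no static involved.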

Re: NO-NAT-CONTROL

wasim,

All fixed? or ?
