I had no nat-control on ASA, what I think is the ASA will allow traffic to traverse different interfaces as long as ACL permit it. No nat needed at all. However, when I tried to ping from outside to inside, ping failed and I found these debug information on the ASA:
The no-nat feature only applies to traffic that is traversing a higher level security interface to a lower one. So in other words, from inside to outside. In those instances, if no NAT statement is configured, the ASA will act as a regular router and forward packets based on the rules of the ACL only.
Just as a side note, Im not sure this applies to your situation, but if you want to remove or disable the nat-control statement in the PIX/ASA, you need to remove all NAT statements from the security appliance. In general, you need to remove the NAT before you turn off NAT control. You have to reconfigure the NAT statement in PIX/ASA to work as expected.
Thanks for the quick responses; I don't want to remove all NAT, we are just setting up a site-to-site VPN, and Site2 (remote) is running the terminal ping with is being logged with the error. When we attempt to 'pathping' the site2's ip, our traffic is getting routed out the public interface (to the internet). We're not thinking that on our end, there is not a proper route statement for site2, on the other side of the new VPN. And it is attempting to NAT the Site2 traffic to our internal LAN. Not sure though, we just need connectivity from 10.3.3.0/24 to/from 172.31.1.0/24.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...