Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Hello, nat-control (or no nat-control) is a way of enforcing the NAT requirements on the Cisco Firewall (pre 8.3 code versions). If you configure nat-control, then the firewall enforces the rule that every packet going from higher security to lower security needs a NAT rule configured. If you configure "no nat-control", then the firewall will not enforce the NAT requirement as long as you have not configured any NAT rule for a specific traffic flow on that interface. http://www.cisco.com/en/US/products/ps6 ... l#backinfo Hope this helps. Regards, NT
Thanks for your fast response. I would like to let you know that the link you provided is not available. What I understand from your explanation is that it applies when we don't want to use NAT from a high security-level interface to a low security-level interface, for instance from inside to DMZ. Can you give me an example for further clarification? Thanks, I really appreciate it.
Hello, Here is the link again: http://tinyurl.com/dmvylq So, essentially, when you disable nat-control, you are allowed to go from a higher security interface to a lower security interface without NAT. For example, let us say you have a public IP range on your inside network and DMZ network. Then, you actually do not need any NAT. So, you could disable NAT control. The other scenario I can think of is if you have a firewall just to protect different network segments and you have a different device that is handling NAT. In that case, again you can use "no nat-control". http://tinyurl.com/6gcquh Hope this helps. Regards, NT
Hi, Assume that I have internal hosts and I want to allow them to access a Web Server residing in the DMZ segment, and this server has a private IP address, e.g. 172.16.1.5. Therefore, in that case I can use exempt NAT; this is the explanation I got after surfing the web. Please advise.
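The two approaches discussed in this thread, side by side, as an added example that is not part of the original posts and not any poster's configuration. It uses pre-8.3 ASA/PIX syntax; the interface names `inside` and `dmz`, the inside subnet 192.168.1.0/24, the test host 192.168.1.10 and the ACL name `INSIDE_DMZ_NONAT` are assumptions, and 172.16.1.5 is the DMZ web server from the last post.

```cisco
! Added example (pre-8.3 syntax). Assumed: inside = 192.168.1.0/24 (security 100),
! dmz = security 50, DMZ web server = 172.16.1.5 (address from the thread).

! --- Option A: keep nat-control and exempt the inside-to-DMZ flow from NAT ---
! With nat-control, every higher-to-lower security flow must match a NAT rule.
! NAT exemption (nat 0 with an ACL) satisfies that requirement while leaving
! the source and destination addresses untranslated.
nat-control
access-list INSIDE_DMZ_NONAT extended permit ip 192.168.1.0 255.255.255.0 host 172.16.1.5
nat (inside) 0 access-list INSIDE_DMZ_NONAT

! --- Option B: disable the NAT requirement altogether ---
! Inside-to-DMZ traffic then passes untranslated, provided no other NAT rule
! on the inside interface matches this flow (the condition stated in the
! first reply). If a dynamic "nat (inside) 1 ..." rule already covers these
! hosts for Internet access, keep the exemption from Option A so the DMZ flow
! is still matched by nat 0 first.
no nat-control

! --- Checks, valid for either option ---
! Confirm which mode is active:
show running-config nat-control
! Confirm the exemption rule is present:
show running-config nat
! Trace a constructed test flow (assumed client 192.168.1.10) and check that
! the NAT phase reports the exemption rather than a drop:
packet-tracer input inside tcp 192.168.1.10 1025 172.16.1.5 80
```

Neither option changes what the interface ACLs permit; NAT exemption only removes the translation requirement, so access to the DMZ server is still governed by security levels and any access-group applied to the interfaces.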