https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133853#M416605 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Yes, we have a customer firewall (behind the actual Internet firewall) that has absolutely no NAT configurations. Its only doing access control with ACLs acting as a border between 2 local network segments.</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 26 Jan 2013 01:35:56 GMT Jouni Forss 2013-01-26T01:35:56Z https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133849#M416601 <P>We have a client who is about to hang an ASA off the DMZ of our firewall that is running 8.4(5). That firewall is currently on a different part of our network, and NAT is going to be significantly changed. Now, everything on the clients firewall needs to be NATed on the outside to the same as the internal IP scheme, e.g. like the old "static (inside,outside) 172.16.16.0 172.16.16.0 netm 255.255.255.0" command.</P><P></P><P>When I look at Cisco's document for NAT conversion (</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp96828" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp96828</A><SPAN>), I don't see any conversion between the two. This isn't a "nat 0" because Internet users will need access to some hosts on the inside of our client's firewall.</SPAN></P><P></P><P>Can someone please point me in the right direction? Thanks</P> Fri, 21 Feb 2020 12:49:27 GMT https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133849#M416601 baskervi 2020-02-21T12:49:27Z https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133850#M416602 <HTML><HEAD></HEAD><BODY><P>Will the following work:</P><P></P><P><SPAN style="font-size: 10pt;">nat (inside,outside) source static any any </SPAN><SPAN style="font-size: 10pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></P></BODY></HTML> Fri, 25 Jan 2013 07:01:52 GMT https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133850#M416602 baskervi 2013-01-25T07:01:52Z https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133851#M416603 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Lets assume that the following is true</P><UL><LI>The new ASA has "inside" and "outside" network/interface only</LI><LI>The new ASA doesnt have to do ANY NAT from "inside" to "outside" traffic at any situation (your firewall handles this?)</LI></UL><P></P><P>Then you can simply have the ASA with absolutely NO NAT configurations. The ASA with the new software versions 8.3 and above automatically passes all traffic UNNATED through the ASA. We use this on one customer and it works just fine.</P><P></P><P>Please let me know if the above is the case or if not can think of something else</P><P></P><P>- Jouni</P></BODY></HTML> Fri, 25 Jan 2013 21:12:09 GMT https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133851#M416603 Jouni Forss 2013-01-25T21:12:09Z https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133852#M416604 <HTML><HEAD></HEAD><BODY><P>With the previous versions of firmware, with "nat (inside) 0" and "global outside" commands, you couldn't initiate traffic from the outside to the inside. We will need to do this. So I can simply remove all NAT commands, and it will work fine?</P></BODY></HTML> Fri, 25 Jan 2013 23:09:23 GMT https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133852#M416604 baskervi 2013-01-25T23:09:23Z https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133853#M416605 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Yes, we have a customer firewall (behind the actual Internet firewall) that has absolutely no NAT configurations. Its only doing access control with ACLs acting as a border between 2 local network segments.</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 26 Jan 2013 01:35:56 GMT https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133853#M416605 Jouni Forss 2013-01-26T01:35:56Z https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133854#M416606 <HTML><HEAD></HEAD><BODY><P>JouniForss, thanks for your help!</P></BODY></HTML> Sat, 26 Jan 2013 14:25:13 GMT https://community.cisco.com/t5/network-security/nat-question-for-asa-running-8-4-5/m-p/2133854#M416606 baskervi 2013-01-26T14:25:13Z