https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122356#M915229 <HTML><HEAD></HEAD><BODY><P>there another way</P><P>also try and see it</P><P>let say ur inside network is </P><P>192.168.1.0/24</P><P>access-list 100 permit ip 192.168.1.0 255.255.255.0 any</P><P></P><P>nat (inside) 1 access-list 100</P><P>global (outside) 1 192.168.1.1-.192.168.1.254</P><P></P><P>rate if helpful</P><P></P></BODY></HTML> Tue, 05 Aug 2008 23:49:39 GMT Marwan ALshawi 2008-08-05T23:49:39Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122353#M915224 <P>Dear All,</P><P></P><P>We'r using FWSM with 2.3(4) s/w</P><P>We intend to do no nat-control. </P><P>However, Version3.2 apparently can do this. How do we enable no nat-control or a similar function on v2.3?</P><P></P><P>More requirement, ideally we would want no nat control on some dmz1s/out paths and nat control on some dmz2s/out path.</P><P>Is this acheivable in both 2.3 and 3.2?</P><P></P><P>Thanks</P><P>SS</P> Mon, 11 Mar 2019 13:25:57 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122353#M915224 s.srivas 2019-03-11T13:25:57Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122354#M915225 <HTML><HEAD></HEAD><BODY><P>instead of playing with nat control do the following</P><P></P><P>lets say ur dmz1 subnet is 172.16.1.0 /24</P><P>and u wanna u se this subnet from the outside interface as there is no nat</P><P></P><P>do:</P><P>static (dmz1, outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0</P><P></P><P>and then make the permit ACL</P><P>because in FWSM not like ASA traffic denied by default even from higher security level to less</P><P></P><P>and then if u have device on dmz1 with ip 172.16.1.5 u gonna see it from outside as 172.16.1.5</P><P></P><P>and this can be don between any two interfaces u want</P><P></P><P>good luck </P><P></P><P>please, if helpful rate</P><P></P></BODY></HTML> Tue, 05 Aug 2008 14:39:25 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122354#M915225 Marwan ALshawi 2008-08-05T14:39:25Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122355#M915228 <HTML><HEAD></HEAD><BODY><P>We'r trying to initiate (say ping for now) connections from inside to unknown/dynamically known outsides.</P><P></P><P>I can use 0.0.0.0 as outside to test. should the (outside, dmz1) work, if reversed?</P><P></P><P>Does this directional change make any difference. In the mean time i'm going to (again!) test your suggestion.</P></BODY></HTML> Tue, 05 Aug 2008 15:01:21 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122355#M915228 s.srivas 2008-08-05T15:01:21Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122356#M915229 <HTML><HEAD></HEAD><BODY><P>there another way</P><P>also try and see it</P><P>let say ur inside network is </P><P>192.168.1.0/24</P><P>access-list 100 permit ip 192.168.1.0 255.255.255.0 any</P><P></P><P>nat (inside) 1 access-list 100</P><P>global (outside) 1 192.168.1.1-.192.168.1.254</P><P></P><P>rate if helpful</P><P></P></BODY></HTML> Tue, 05 Aug 2008 23:49:39 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122356#M915229 Marwan ALshawi 2008-08-05T23:49:39Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122357#M915231 <HTML><HEAD></HEAD><BODY><P>nat (inside) 0</P><P>nat (outside) 0</P><P></P><P>I tried the above and working ok for now.</P><P></P><P>Will try the suggestion when we need to mix and match.</P><P></P><P>Thanks you Marwanshawi.</P><P></P><P>SS</P></BODY></HTML> Wed, 06 Aug 2008 07:40:47 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122357#M915231 s.srivas 2008-08-06T07:40:47Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122358#M915233 <HTML><HEAD></HEAD><BODY><P>i glad its working because when i see the rateing 3 i though didnt</P><P></P><P>cool:)</P></BODY></HTML> Wed, 06 Aug 2008 07:56:21 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122358#M915233 Marwan ALshawi 2008-08-06T07:56:21Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122359#M915235 <HTML><HEAD></HEAD><BODY><P>Thanks, it works with nat0</P><P>I'll be trying with nat1 later.</P><P></P><P>I also have another question, with v2.3, would nat 0 on one FWSM context and nat 1 on another context, but for the same interface/s work?</P></BODY></HTML> Wed, 06 Aug 2008 17:10:03 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122359#M915235 s.srivas 2008-08-06T17:10:03Z https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122360#M915237 <HTML><HEAD></HEAD><BODY><P>sure u can because they are in defrent context then the source will be deffrent</P><P>and the nat policy will work independatly in each context</P></BODY></HTML> Thu, 07 Aug 2008 01:23:00 GMT https://community.cisco.com/t5/network-security/fwsm-no-nat-control-or-nat-control/m-p/1122360#M915237 Marwan ALshawi 2008-08-07T01:23:00Z