ASA 8.3 Inbound ACL & NAT'ing

rafrancis
Level 1

Does anyone know if I am running ASA 8.3 (which runs as NAT0 by default - NAT is turned off) with REAL IP addresses if I have to still configure an OBJECT with NAT to allow traffic from a lower level interface (OUTSIDE) to a higher level Interface (INSIDE)?  Or do I just simply configure an INBOUND ACL without NAT?  Please provide any specific documentation that you may have on this, since I am somewhat confused since Cisco has done away with the rule that everything has to be NAT'ed if coming from a lower level interface (OUTSIDE) to a higher level interface (INSIDE), even if using REAL IP addresses -- NOT RFC 1918.

2 Replies

Matthew Warrick
Level 1

I'm not familiar with 8.3 specifically yet, but the general rule of NAT is that if "nat-control" is enabled you need NAT statements, and if "no nat-control" is specified, packets will traverse the firewall as long as they are permitted via the ingress ACL from high to low security levels.

andamani
Cisco Employee

Hi,

You can check the following document for NAT exemption on ASA 8.3:

https://supportforums.cisco.com/docs/DOC-11639

The document below gives details of NAT on ASA 8.3:

https://supportforums.cisco.com/docs/DOC-9129

Hope this helps.

Regards,

Anisha

P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.