03-27-2011 11:32 AM - edited 03-11-2019 01:13 PM
Does anyone know if I am running ASA 8.3 (which runs as NAT0 by default - NAT is turned off) with REAL IP addresses if I have to still configure an OBJECT with NAT to allow traffic from a lower level interface (OUTSIDE) to a higher level Interface (INSIDE)? Or do I just simply configure an INBOUND ACL without NAT? Please provide any specific documentation that you may have on this, since I am somewhat confused since Cisco has done away with the rule that everything has to be NAT'ed if coming from a lower level interface (OUTSIDE) to a higher level interface (INSIDE), even if using REAL IP addresses -- NOT RFC 1918.
03-27-2011 05:01 PM
I'm not familiar with 8.3 specifically yet, but the general rule of NAT is: if "nat-control" is enabled, you need NAT statements, and if "no nat-control" is specified, packets will traverse the firewall as long as they are permitted via the ingress ACL from high to low security levels.
03-28-2011 06:09 AM
Hi,
You can check the following document for nat exemption on ASA 8.3
https://supportforums.cisco.com/docs/DOC-11639
The document below gives details of the natting on ASA 8.3
https://supportforums.cisco.com/docs/DOC-9129
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is answered. Do rate helpful posts.