I was trying to perform NAT-C on ASA 8.2. The setup was pretty simple. I had an Inside (Security-Level 100) interface, DMZ (Security-Level 50) and an Outside Interface (Security-Level 0).
I wanted to perform Nat from DMZ hosts to Inside hosts. When I used "nat" & "global" commands, it didn't work (all required ACLs were in place).
Is it something like NAT-C wont happen for lower security level to higher security level if we use nat & global statements (I know, static statement works in this case but I want to know about nat & global)
NAT control requires that packets traversing from an inside interface to an outside interface match a NAT rule; for any host on the inside network to access a host on the outside network, you must configure NAT to translate the inside host address. NAT-C will not work when traffic coming from lower security level going towards higher security level.
Thanks, is there any particular reason for "NAT-C will not work when traffic coming from lower security level going towards higher security level." or this is the way its developed ?
And can you please refer to any such link/article/book where this statement resides ?
"Please rate helpful posts"