
ASA v8.4 Access from Inside To DMZ

irfan.ahmed
Level 1

Do you require NAT to allow the inside network to access a DMZ IP? I think only an ACL is required in 8.4.

3 Replies

Philip D'Ath
VIP Alumni

NAT is not required, although depending on your software version and options you may need to create a "no-nat" rule.

I know with the older versions of ASA, NAT is a requirement. Can someone provide details of the nat-control command? I think with 8.4 we don't need to create a NAT rule in order to allow traffic from a higher security level to a lower security level?

Hi Irfan,

Yes, you are correct, we do not need to create a NAT for allowing traffic from a higher security level to a lower security level.

For more clarity about NAT-control check this:

https://supportforums.cisco.com/document/11936941/lets-briefly-talk-about-what-nat-control

The nat-control command is deprecated post 8.2. To maintain the requirement that all traffic from a higher security interface to a lower security interface be translated, a NAT rule will be inserted at the end of section 2 for each interface to disallow any remaining traffic. The nat-control command was used for NAT configurations defined with earlier versions of the adaptive security appliance. The best practice is to use access rules for access control instead of relying on the absence of a NAT rule to prevent traffic through the adaptive security appliance.

Regards,

Aditya

Please rate helpful posts and mark correct answers.
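
The approach discussed in this thread, as an added example that is not from any of the posters: inside-to-DMZ access on ASA 8.4 controlled by an explicit access rule rather than by the presence or absence of NAT, with the optional "no-nat" (identity NAT) rule shown last. Interface numbers, object names and all addresses are constructed for illustration.

```cisco
! Constructed addressing: inside 192.168.10.0/24, DMZ 172.16.20.0/24,
! DMZ web server 172.16.20.10.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.20.1 255.255.255.0
!
! Explicit access rules on the inside interface. Once an ACL is applied
! inbound here, the implicit "higher to lower security level" permit no
! longer applies, so inside-to-DMZ traffic is limited to what is listed.
! From 8.3 onward ACLs match real (untranslated) addresses.
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 host 172.16.20.10 eq https
access-list INSIDE_IN extended deny ip 192.168.10.0 255.255.255.0 172.16.20.0 255.255.255.0 log
access-list INSIDE_IN extended permit ip 192.168.10.0 255.255.255.0 any
access-group INSIDE_IN in interface inside
!
! Optional identity NAT ("no-nat") rule. Only needed when another, broader
! NAT rule (for example dynamic PAT for the inside network) would otherwise
! translate inside-to-DMZ traffic.
object network INSIDE-NET
 subnet 192.168.10.0 255.255.255.0
object network DMZ-NET
 subnet 172.16.20.0 255.255.255.0
nat (inside,dmz) source static INSIDE-NET INSIDE-NET destination static DMZ-NET DMZ-NET
!
! Verify from the CLI (constructed source host and port):
!   packet-tracer input inside tcp 192.168.10.50 12345 172.16.20.10 443
!   show access-list INSIDE_IN
!   show nat detail
```

The `packet-tracer` output shows which ACL entry and which NAT rule, if any, the simulated flow matched, which confirms that the ACL and not NAT is deciding access.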
