
ASA Version 8.3 and Higher, NAT Control from lower security

Dear All,

I am new to ASA version 8.3 implementation.

I have read that NAT control no longer exists in this version.

However, I am trying to permit traffic from a lower security interface to a higher security interface.

Does it need to be NATted?

When I try to route, I have never succeeded, but when I put a NAT, I can access and the traffic goes through.

Am I missing anything on the nat control statement?

1 Accepted Solution

Accepted Solutions

Hello Mark,

There you go. Yes, if you are coming in through remote access VPN, then you need to do the following things:

1. Add your inside subnet in the split tunnel (if you are using split tunneling)

2. Add identity NAT (no NAT) for your inside subnet when it is going to communicate with the RA VPN pool

Please feel free to shoot your questions and post the config if possible; we will try to make it work!

Regards

Harish.
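
The two steps from the accepted answer, written out in ASA 8.3+ syntax as an added example (not configuration posted by anyone in this thread). The interface names `inside`/`outside`, the object, ACL and group-policy names, and all addresses are assumptions made up for illustration.

```cisco
! Constructed values: inside subnet 10.10.10.0/24, RA VPN pool 10.99.0.0/24.
! Object, ACL and group-policy names below are hypothetical.
object network INSIDE-NET
 subnet 10.10.10.0 255.255.255.0
object network RA-VPN-POOL
 subnet 10.99.0.0 255.255.255.0
!
! Step 1: add the inside subnet to the split-tunnel list.
! Only relevant when the group policy uses split tunneling.
access-list SPLIT-TUNNEL standard permit 10.10.10.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
! Step 2: identity NAT ("no NAT") between the inside subnet and the VPN pool.
! Source and destination are each translated to themselves, so traffic
! between the two networks keeps its real addresses.
! Manual NAT rules are matched in order: this rule has to sit above any
! dynamic PAT rule that also matches the inside subnet.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static RA-VPN-POOL RA-VPN-POOL
!
! Verification from exec mode (not configuration lines):
! the rule should show hits, and packet-tracer should report the
! identity rule in its NAT phase with untranslated addresses.
show nat detail
packet-tracer input inside tcp 10.10.10.10 12345 10.99.0.10 443 detailed
```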


Harish Balakrishnan
Enthusiast

Hello Mark,

You do not need to have NAT configured in order to communicate from lower security to high security in ASA 8.3 or later.

You need only permission.

regards

Harish.

Julio Carvajal
Advisor

Hello Mark,

No requirement to have NAT enabled in order to do that. Just remember that if you need to access the higher security level from the outside world, you need to NAT the private IP to a public IP.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for the answer guys,

But if I am coming from outside, which is from remote-access VPN, do I have to do NAT? Currently I cannot connect to the higher security interface without NAT.

Thanks a lot Harish, now everything makes sense.
