Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1903
Views
0
Helpful
5
Replies

ASA Version 8.3 and Higher, Nat Control from lower security

Go to solution
markstephanuschandra
Level 1
Level 1

‎10-02-2012 03:28 AM - edited ‎03-11-2019 05:02 PM

Dear All,

I am new for ASA version 8.3 implementation,

I have read that nat control is no longer exist in this version,

However, I am trying to permit traffic from lower security interface to higher interface security,

Is it need to be Natted ?

When I try to route, i have never succeeded, but when I put a nat, I can access and the traffic go through

Do I miss anything on the nat control statement ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harish Balakrishnan
Spotlight
In response to markstephanuschandra

‎10-02-2012 10:47 PM

Hello Mark,

There you go, Yes if you are coming in through remote access VPN, then you need to do the following things

1. Add your inside subnet in the split tunnel ( if you are using split tunneling)

2. Add identity nat ( no nat) for you inside subnet when it is going to communicate with RA VPN pool

Please feel free to  shoot your questions and post the config if possible , we will try to make it work!

Regards

Harish.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Harish Balakrishnan
Spotlight

‎10-02-2012 04:36 AM

Hello Mark,

You do not need to have NAT configured in order to communicate from lower security to high security in ASA 8.3 or later..

you need only permission.

regards

Harish.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-02-2012 09:49 AM

Hello Mark,

No requirement to have nat enabled in order to do that.. Just remember that if you need to access the higher security level from the outside world  you need to nat the private ip to a public IP.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
markstephanuschandra
Level 1
Level 1
In response to Julio Carvajal

‎10-02-2012 10:43 PM

Thanks for the answer guys,

But, If I coming from outside which is from remote-access VPN, Do I have to do nat ? currently I cannot connect to higher security interface without NAT

0 Helpful

Go to solution
Harish Balakrishnan
Spotlight
In response to markstephanuschandra

‎10-02-2012 10:47 PM

Hello Mark,

There you go, Yes if you are coming in through remote access VPN, then you need to do the following things

1. Add your inside subnet in the split tunnel ( if you are using split tunneling)

2. Add identity nat ( no nat) for you inside subnet when it is going to communicate with RA VPN pool

Please feel free to  shoot your questions and post the config if possible , we will try to make it work!

Regards

Harish.

0 Helpful

Go to solution
markstephanuschandra
Level 1
Level 1
In response to Harish Balakrishnan

‎10-02-2012 10:51 PM

Thanks a lot Harish, Now everything is make sense

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top