Does checking "enable traffic through firewall..."disable my NAT rules?

Carl King · ‎02-01-2011

I am unable to get NAT rules to work. I can't find anything in the ASDM guide that explains this.

Will unchecking "Enable traffic through firewall without address translation" effectively disable my NAT rules?

ramds · ‎02-01-2011

Hi Carl ,

In order to use the NAT rules you need to Click "NAT" and uncheck the box that says "Enable traffic through the firewall without address translation." Now you can add the NAT rule. Click the radio button "Translation Rules" and click "Add." This will put you into the "Add Address Translation Rule" dialog window.

If you do not want to use the nat rules then you need to check the "enable traffic through the firewall without address translation" , so that there will not be an option to add a nat rule.

Here is a link for reference using ASDM for nat configuration example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

--Ramya

PS: Please rate the solution if it helps.

mcross · ‎02-02-2011

No, your NAT rules will still apply.

The difference is if the box is checked, traffic can still route through the box (assuming ACLs permit and routes exist) without being translated.

However, It is generally more secure to keep the box unchecked and add a NAT exemption rule for traffic you wish to route through without being translated.

jlhainy · ‎01-19-2013

So, lets say you only want to NAT between certain interfaces. Say like a DMZ that has the private IPs for a guest wireless network. You want to translate those network to the outside interface and say a public DMZ interface, but not have to translate between every interface?

ismith · ‎01-06-2013

Thanks for the help. Between your information and the details on

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080b80d74.shtml#pat I was able to resolve the issue and have a better understanding of the device.