04-17-2012 11:18 PM - edited 03-11-2019 03:55 PM
Hi, I have done double NAT on the firewall so that people from outside cannot see my internal network and people from inside connect to a local IP address to access services outside.
static (inside,outside) 20.1.1.1 10.1.1.1 netmask 255.255.255.255
static (outside,inside) 192.168.1.1 192.168.2.1 netmask 255.255.255.255
Everything seems fine.
Now, if a user that does not have a NAT translation, let's say 10.1.1.2, tries to communicate with another one on the other end, the logs on the other company's firewall see my internal IP as it is, because it does not have a translation.
How can I block any user that does not have a translation from passing from my firewall to the other firewall?
Teardown ICMP connection for faddr 20.1.1.1 gaddr 10.1.1.2 laddr 10.1.1.2
Thanks
04-19-2012 12:20 AM
Hello firewall experts
04-19-2012 12:25 AM
Hi,
You can enable nat-control: en > conf t > nat-control
By enabling nat-control, any flow from a higher security level (e.g. inside) to a lower security level (e.g. outside) will not be permitted if it is not sNATed.
This will affect all your flows.
Dan
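As an added illustration of Dan's answer (this is not the original poster's configuration and not a Cisco document), here is how the two statics from the question look together with nat-control on a PIX/ASA running 8.2 or earlier; the interface names, security levels and interface addresses are constructed, and the nat-control command itself no longer exists from ASA 8.3 onward, where the NAT model was rewritten.

```cisco
! Added example configuration, not the poster's own. Assumes ASA/PIX 7.x-8.2 syntax.
! Constructed interface addresses; only the two static lines come from the thread.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 20.1.1.254 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.254 255.255.255.0
!
! Require a translation for every flow from a higher security level (inside, 100)
! to a lower one (outside, 0). Hosts such as 10.1.1.2 that match no static or
! nat/global rule are now dropped instead of leaving with their real address.
nat-control
!
! The two statics from the question: 10.1.1.1 appears outside as 20.1.1.1, and the
! remote 192.168.1.1 is reached from inside as 192.168.2.1.
static (inside,outside) 20.1.1.1 10.1.1.1 netmask 255.255.255.255
static (outside,inside) 192.168.1.1 192.168.2.1 netmask 255.255.255.255
```

With nat-control enabled, a packet from an untranslated inside host such as 10.1.1.2 is dropped and the ASA logs a "No translation group found" message (syslog ID 305005) naming the source and destination, which is the event to watch for when confirming the change had the intended effect. Because the setting applies to every inside-to-outside flow, any host that must still pass without an address change needs an explicit identity translation (for example a nat 0 exemption) before nat-control is turned on, or it will be cut off as well.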