05-20-2009 12:36 AM - edited 03-11-2019 08:34 AM
Is it possible to turn off NAT on some interfaces and use NAT rules towards the internet? Or do I have to use NAT on all other interfaces when I enable NAT on one?
05-20-2009 12:48 AM
NAT is interface-specific, not global.
05-20-2009 10:38 AM
You can create a NAT exemption to disable NAT. This uses an access-list and a nat command.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_bypassing.html
access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list noNATinside
05-20-2009 04:28 PM
When nat-control is enabled a nat rule is needed for traffic between interfaces with different security levels.
I believe you can disable nat-control (no nat-control) and still use nat translations on the interfaces that you need to: inside to outside for example with a nat and global rule. But nothing on dmz to inside/outside.
05-21-2009 09:20 AM
I use NAT exemption with an ACL on every interface because it is less complex to understand and troubleshoot.
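The two approaches from the replies above (NAT exemption, and `no nat-control` with a nat/global pair only where translation is wanted), combined into one ASA 8.2 configuration. This is an added example, not part of any post in the thread; the `dmz` subnet 10.1.1.0/24 and the test addresses are constructed, while the interface names, ACL name and the 192.168.0.0/22 and 10.0.0.0/8 ranges follow the thread.

```cisco
! Constructed example, ASA 8.2 (pre-8.3 NAT syntax).
! Assumption: dmz is 10.1.1.0/24, i.e. inside 10.0.0.0/8.

! 1. Do not require a translation rule for every inside-to-outside flow.
no nat-control

! 2. Internet-bound traffic from inside: dynamic PAT to the outside
!    interface address.
nat (inside) 1 192.168.0.0 255.255.252.0
global (outside) 1 interface

! 3. Inside to 10.0.0.0/8 (including the assumed dmz): exempt from NAT.
!    nat 0 access-list is evaluated before the dynamic nat 1 rule.
!    Without this, hosts matched by nat 1 would still need a matching
!    global on dmz, even with nat-control disabled.
access-list noNATinside extended permit ip 192.168.0.0 255.255.252.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list noNATinside

! 4. No nat or global statement references dmz as a source, so traffic
!    sourced from dmz is forwarded untranslated. Exemption and
!    no nat-control only affect translation: interface ACLs and security
!    levels still decide whether a flow is permitted.

! Verification (exec mode)
show running-config nat-control
show running-config nat
show running-config global
show xlate

! Expect a NAT-EXEMPT phase for the 10.x destination and a dynamic
! translation to the outside address for the internet destination.
packet-tracer input inside tcp 192.168.0.10 1025 10.1.1.10 80
packet-tracer input inside tcp 192.168.0.10 1025 198.51.100.10 80
```

Keep the exemption ACL as narrow as the design allows, since every address pair it permits bypasses translation and reaches the peer with its real source address.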