hi,
i'm doing a clean up on ASA NAT rules.
was planning to disable it first so it's easy to enable it back if there's a user complaint.
tried using CLI and ASDM but i don't see a "disable" function for NAT similar to ACL rules.
can someone advise if this is possible? or negating the NAT line is the only way.
LAB-ASA5515x(config)# object network OBJ-XRV
LAB-ASA5515x(config-network-object)# nat ?
network-object mode commands/options:
( Open parenthesis for (<real_if_name>,<mapped_if_name>) pair where
<real_if_name> is the prenat interface and <mapped_if_name> is the
postnat interface
dynamic Specify NAT type as dynamic
static Specify NAT type as static
configure mode commands/options:
( Open parenthesis for (<internal_if_name>,<external_if_name>)
pair where <internal_if_name> is the Internal or prenat
interface and <external_if_name> is the External or postnat
interface
<1-2147483647> Position of NAT rule within before auto section
after-auto Insert NAT rule after auto section
source Source NAT parameters
LAB-ASA5515x(config-network-object)# nat (inside,outside) ?
network-object mode commands/options:
dynamic Specify NAT type as dynamic
static Specify NAT type as static
configure mode commands/options:
<1-2147483647> Position of NAT rule within before auto section
after-auto Insert NAT rule after auto section
source Source NAT parameters
LAB-ASA5515x(config-network-object)# nat (inside,outside) dyn
LAB-ASA5515x(config-network-object)# nat (inside,outside) dynamic ?
network-object mode commands/options:
A.B.C.D Mapped IP address
WORD Mapped network object/object-group name
X:X:X:X::X/<0-128> Enter an IPv6 prefix
interface Use interface address as mapped IP
pat-pool Specify object or object-group name for mapped source pat
pool
LAB-ASA5515x(config-network-object)# nat (inside,outside) dynamic interface ?
network-object mode commands/options:
dns Use the created xlate to rewrite DNS record
ipv6 Use IPv6 address(es) as mapped IP(s)
<cr>
