10-16-2006 01:34 PM - edited 03-09-2019 04:33 PM
Does the no nat control command disable the NAT from low to high interface?
10-16-2006 03:57 PM
From the command reference:
The difference between the no nat-control command and the nat 0 (identity NAT) command is that identity NAT requires that traffic be initiated from the local host. The no nat-control command does not have this requirement, nor does it require a static command to allow communication to inside hosts.
Disabling NAT control is similar to the same security level communication feature, which allows communication between two interfaces of the same security level without configuring a NAT rule, except that the NAT control feature is between hosts instead of interfaces.
Hope it helps
Franco Zamora
10-16-2006 05:34 PM
So in general, if no nat-control is used, does it apply to all the traffic originating from interfaces that does not need nat, static, etc.?
10-17-2006 05:41 AM
Allows the traffic if the ACL is properly set.
Franco Zamora
10-20-2006 06:44 AM
Disabling nat-control allows all traffic to pass from a higher security interface to a lower security interface (inside -> outside) even if it doesn't match a nat rule.
This does not affect low to high (outside -> inside); the normal rules still apply for this.
Here is a good explanation of nat-control:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/nat.htm#wp1065218