
How to disable NAT mode on Cisco ASA 9.2 via ASDM 7.2

Dear all,

I'm using ASDM 7.2 to configure ASA 9.2. Now the ASA is running in NAT mode and I don't want the ASA to act as a NAT device. But I cannot find the option "Enable traffic through the firewall without translation" in ASDM. Please guide me and help me out with this issue.

Best appreciated!

1 Accepted Solution

No more changes needed for nameif or security-levels. Just remove all nat rules and the ASA won't do any translation.

The option you are looking for is default in recent ASA releases. Now the ASA behaves more like a router when it comes to NAT:

  • If you have a translation rule matching your traffic, the traffic will be translated.
  • If there is no rule matching your traffic, no NAT will be performed on the packet.

Hi Karsten,

I recently did a lab on this and thought the connection would 'break.'

But to my surprise the 'newer' image now behaves/routes like a router.

Do you have or know a link to support this? My Google search is failing me.

I'm not aware of a source where it's clearly stated, but you can read it "between the lines" in the config-guide or the 8.3 Migration Guide.

The concept of "NAT Control" was removed from the ASA in version 8.3.  See this link.

As Karsten stated, in 8.3 and later you don't have to have a NAT.  If you do create a NAT and you need to exempt traffic, then you need to create NAT exemptions.

In current versions you do need to pay attention to NAT ordering.  If you have a generic PAT configuration (or PAT pool) that covers a range of hosts, then your NAT exemption will only work if it comes before the generic rule.

PSC
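
The ordering point in the reply above, written out as an ASA 8.3+ configuration sketch. This is an added example, not part of the original thread: the object names and the REMOTE-NET subnet are constructed, and INSIDE-NET reuses the inside subnet posted later in the thread.

```cisco
! Constructed objects (names and REMOTE-NET are assumptions for illustration)
object network INSIDE-NET
 subnet 10.15.1.0 255.255.255.0
object network REMOTE-NET
 subnet 192.168.50.0 255.255.255.0
!
! Broken order: manual NAT rules are evaluated top-down and the first match
! wins, so the generic PAT rule translates the traffic before the exemption
! (identity NAT) on the next line is ever consulted.
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static REMOTE-NET REMOTE-NET
!
! Fix, option 1: remove the exemption and re-insert it at line 1,
! ahead of the generic PAT rule.
no nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static REMOTE-NET REMOTE-NET
nat (inside,outside) 1 source static INSIDE-NET INSIDE-NET destination static REMOTE-NET REMOTE-NET
!
! Fix, option 2: move the generic PAT rule to the after-auto section,
! which is evaluated after all manual and object NAT rules.
no nat (inside,outside) source dynamic any interface
nat (inside,outside) after-auto source dynamic any interface
!
! Check the resulting rule order and per-rule hit counts from privileged
! EXEC with "show nat"; the exemption should be listed above the PAT rule.
```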

Hi,

Thanks! I almost forgot the concept of 'nat control.' +5

Guess my mind was stuck from the concepts in 8.2 when it comes to routing on ASA.

Hi Karsten,

You mean I need to clear all NAT rules, and after that the ASA will not translate the traffic and will work as a router?

Should I change the nameif or security-level priority of the inside and outside interfaces?

At present, the security levels and nameif on my ASA are as below:

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.13.1.254 255.255.255.0 standby 10.13.1.253
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.15.1.1 255.255.255.0 standby 10.15.1.253

No more changes needed for nameif or security-levels. Just remove all nat rules and the ASA won't do any translation.