About lanli_ltp

lanli_ltp · 12-03-2010

There is no explicit "nat-control" command in ASA 8.3. But what's the default behavior for NAT? If there is no NAT rule matching the incoming packet, does the packet get dropped, or simply passed through as is?The 8.3 Migration document mentioned a s...

lanli_ltp · 06-08-2010

We are looking for a clarification of ASA nat-control command. Unfortunately, we don't have spare device to test it out.The situation is as follows:An ASA firewall has three interfaces: "inside", "outside", and "corpinside".nat-control is DISABLED.A ...

lanli_ltp · 10-20-2010

I realized that there are some similar use cases like this. Sometimes the PCI DSS audit requires documenting all firewall rule changes in the firewall management life cycle. If I don't have rule change tracking system, I could end up with mapping rul...

lanli_ltp · 10-18-2010

Adam,Are you using object groups in your firewall rules? If so, the simple text search can't solve your problem. You need a firewall rule seach tool that automatically checks the object definition referred in the firewall rule against the IP address ...

lanli_ltp · 06-09-2010

Sorry for the confusion."Patcks that match no nat rules" means "Packets that do not match any NAT rules including Dynamic NAT, Static NAT, and NAT Exempt rules"

lanli_ltp · 06-08-2010

Thanks for your information.We had read the document you mentioned. Our interpretation at that time was the following. If nat-control is disabled and dynamic NAT is defined on an interface on which traffic is originating, then packets going from th...

Member Since	‎06-08-2010 09:26 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	6

User Statistics

User Activity

ASA 8.3 nat-control issue

ASA nat-control issue

Re: How to compare firewall rules & documentation?

Re: How to compare firewall rules & documentation?

Re: ASA nat-control issue

Re: ASA nat-control issue