
NO-NAT-CONTROL

wasiimcisco
Level 1

Hi,

I have a PIX 535 firewall with IOS version 7.x. I have enabled no-nat-control on it; to my understanding, with no-nat-control, traffic from a higher security level to a lower security level is allowed if there is no access-list. But low to high still needs a static and an access-list. But in my case traffic from low to high is permitted without a static. My outside network users are able to reach the inside network without a static.

Please tell me why this is so: why is low to high permitted without a static, or is it the normal behaviour?

2 Replies

andrew.prince
Level 10

1) no nat-control allows traffic to pass through the device without being NAT'd.

2) Traffic from a higher security level interface to a lower security level interface is allowed regardless of NAT and/or ACL.

3) Traffic from a lower security level to a higher security level does require an ACL to allow it - unless you have configured interfaces with the SAME security level - and have configured "same-security-traffic permit"; same-security interfaces can then talk without an ACL.

4) Have you configured any ACLs and applied them to the outside interface? Like:

access-list permit-all extended permit ip any any

access-group permit-all in interface outside

HTH.

wasim,

All fixed? or ?