12-22-2005 03:59 AM
Before version 7.0, when accessing hosts on a high security interface from hosts on a lower security interface, you had to specify a static (lower,higher) ipA ipA command, even if no NAT was involved.
Is this still true for V7.0 when using the "no nat-control" statement?
12-22-2005 02:25 PM
With the command "nat-control" disabled, no NAT/PAT is required for traffic from a lower security level to a higher security level. The only configuration required is the ACL.
12-22-2005 03:00 PM
Hi. I'm Javad Noorjamali
My Web Site www.noorjamali.com
12-24-2005 05:45 AM
Hello,
With no nat-control, you do not have to configure static or NAT/PAT for inbound (lower to higher security, for example outside to inside) or outbound (higher to lower, for example inside to outside) traffic. Basically, the NAT engine will be bypassed altogether.
However, keep in mind that if you decide to configure NAT/PAT or static even though you have no nat-control configured, the packets will be checked against the NAT/PAT and static rules. If there is a match, translation will take place just as in pre-7.0 versions. If there is no match, on the other hand, unlike in pre-7.0 versions, the packet will not be dropped; rather, it will be passed untranslated.
Hope this helps!
Mynul Hoda
CISSP, CCIE # 9159
Author: Cisco Network Security Troubleshooting - http://www.ciscopress.com/title/1587051893
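The difference discussed in this thread, as an added configuration sketch that is not taken from any of the posts: the pre-7.0 identity static next to the 7.0 form with NAT control disabled. The interface names, the ACL name OUTSIDE_IN, the address 192.0.2.10 and the permitted service are constructed for illustration.

```cisco
! --- Before 7.0: an identity static is required even though the
! --- address is not changed (constructed host 192.0.2.10)
static (inside,outside) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
access-list OUTSIDE_IN permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside

! --- 7.0 with NAT control disabled: no static or nat/pat statement,
! --- the ACL is the only configuration required
no nat-control
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside
```

With NAT control disabled, the ACL is the only statement deciding which lower-security hosts can reach the inside host, so entries are best kept specific to the host and port.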