This document provides examples of basic Network Address Translation (NAT) and Port Address Translation (PAT) configurations on the Cisco PIX/ASA Security Appliances. Simplified network diagrams are provided. Consult the PIX/ASA documentation for your PIX/ASA software version for detailed information.

Refer to Using nat, global, static, conduit, and access-list Commands and Port Redirection (Forwarding) on PIX in order to learn more about the nat, global, static, conduit, and access-list commands and Port Redirection (Forwarding) on PIX 5.x and later. Refer to Using NAT and PAT Statements on the Cisco Secure PIX Firewall in order to learn more about the examples of basic NAT and PAT configurations on the Cisco Secure PIX Firewall. For more information on NAT configuration in ASA version 8.3 and later, refer to Information About NAT.

Note: NAT in transparent mode is supported from PIX/ASA version 8.x. Refer to NAT in Transparent Mode for more information.

Readers of this document should be knowledgeable about the Cisco PIX/ASA Security Appliance.

The information in this document is based on Cisco PIX 500 Series Security Appliance Software version 7.0 and later.

Note: This document has been recertified with PIX/ASA version 8.x.

Note: The commands used in this document are applicable to Firewall Service Module (FWSM).

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

The nat-control command on the PIX/ASA specifies that all traffic through the firewall must have a specific translation entry (a nat statement with a matching global, or a static statement) for that traffic to pass through the firewall. The nat-control command ensures that the translation behavior is the same as PIX Firewall versions earlier than 7.0. The default configuration of PIX/ASA version 7.0 and later is the specification of the no nat-control command. With PIX/ASA version 7.0 and later, you can change this behavior when you issue the nat-control command.

With nat-control disabled, the PIX/ASA forwards packets from a higher-security interface to a lower one without a specific translation entry in the configuration. In order to pass traffic from a lower security interface to a higher one, use access lists to permit the traffic. This document focuses on the PIX/ASA security appliance behavior with nat-control enabled.

Note: If you want to remove or disable the nat-control statement in the PIX/ASA, you need to remove all NAT statements from the security appliance. In general, you need to remove the NAT before you turn off NAT control. You have to reconfigure the NAT statement in PIX/ASA to work as expected.
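
The nat-control behavior described above, shown as an added configuration fragment that is not part of the original Cisco document: outbound traffic passes only because of a nat/global pair, and inbound traffic needs both a static and an access list. The interface names (inside, outside), the ACL name OUTSIDE_IN and all addresses are constructed for illustration.

```cisco
! Added example; addresses, interface names and ACL name are constructed.
! Syntax is for PIX/ASA 7.0 through 8.2 (NAT configuration changed in 8.3).

! Require a translation entry for all traffic through the firewall.
nat-control

! Outbound: inside hosts in 10.1.1.0/24 are matched by NAT ID 1 and
! translated with PAT to the outside interface address.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface

! Inbound: the static supplies the translation entry for the server,
! and the access list permits the lower-to-higher security traffic.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside

! An inside host outside 10.1.1.0/24 (for example 10.2.2.5) matches no
! nat statement, so with nat-control enabled its traffic is dropped.

! Disabling nat-control, in the order the note describes:
! remove the NAT statements first, then turn nat-control off.
no static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
no global (outside) 1 interface
no nat (inside) 1 10.1.1.0 255.255.255.0
no nat-control
```

After the first part is applied, `show xlate` lists the active translations, which is a quick check that traffic is matching the intended entry.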