Re: is it true about ASA?

From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sun Jul 20 2008 - 16:20:37 ART

• Next message: Peter Stephan: "Shaping at higher than 1536Kbps"
• Previous message: Jason W. Miller: "Re: is it true about ASA?"
• Maybe in reply to: Muhammad Nasim: "is it true about ASA?"
• Next in thread: David Tran: "Re: is it true about ASA?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

heheh

I am going to do this Jason shortly no my PEMU but really want to know how
exactly it behaves becasue I a dead sure that most of the people on the
forums know ASA and security far more better then me

2008/7/20 Jason W. Miller <jaymiller5@gmail.com>:

> It is documented that once you enable PAT/NAT globally on any 1 interfcae
> its the default bahavior on all interfaces. You can lab this up and validate
> this as well.
>
> And the giant thread does begin ;-)
>
> On Sun, Jul 20, 2008 at 3:08 PM, Muhammad Nasim <muhammad.nasim@gmail.com>
> wrote:
>
>> Now here is the Conflict b/w sushil and jason : )
>>
>> OK lets put another way
>>
>>
>> *PATTING ON ANY INTERFACE* = "*NAT-CONTROL" command on the ASA. *
>>
>> I think logically speaking if any one have to do patting on any interface
>> it is better to enable "nat-control" so there will no confusion any more : )
>>
>> AM I correct
>>
>> Please confirm
>>
>>
>>
>>
>> 2008/7/20 Jason W. Miller <jaymiller5@gmail.com>:
>>
>> No true once you enable PAT/NAT globally on the device the default
>>> behavior on all interfaces is nat-control.
>>>
>>>
>>>
>>> On Sun, Jul 20, 2008 at 1:49 PM, sushil menon <sushilmenon2001@gmail.com>
>>> wrote:
>>>
>>>> hi this case all the traffic from the inside will be natted while going
>>>> on
>>>> the outside. even though nat control is disabled. but traffic from dmz
>>>> to
>>>> outside will not be natted since nat-control is disabled.
>>>>
>>>> regards
>>>>
>>>> sushil
>>>>
>>>> On Sun, Jul 20, 2008 at 10:00 PM, Muhammad Nasim <
>>>> muhammad.nasim@gmail.com>
>>>> wrote:
>>>>
>>>> > Dear All,
>>>> >
>>>> > Is it true that if we enable pat on ASA for e.g
>>>> >
>>>> > nat (inside) 1 0 0
>>>> > global (outside) 1 interface
>>>> >
>>>> > Then ASA will behave same as "nat-control" is enabled. (Although
>>>> > nat-control is disabled).
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > Any inputs and links will be helpful
>>>> >
>>>> > Thanks
>>>> >
>>>> >
>>>> > --
>>>> > Muhammad Nasim
>>>> > Network Engineer
>>>> > Saudi Arabia
>>>>
>>>>
>>>
>>
>>
>> --
>> Muhammad Nasim
>> Network Engineer
>> Saudi Arabia
>>
>
>

-- 
Muhammad Nasim
Network Engineer
Saudi Arabia

• Next message: Peter Stephan: "Shaping at higher than 1536Kbps"
• Previous message: Jason W. Miller: "Re: is it true about ASA?"
• Maybe in reply to: Muhammad Nasim: "is it true about ASA?"
• Next in thread: David Tran: "Re: is it true about ASA?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART