Re: is it true about ASA?

From: Shahid Ansari (shahid1357@gmail.com)
Date: Mon Aug 04 2008 - 07:21:41 ART


Dear GS,

I was just reading archive emails and updating it.

When "nat-control" is enabled (only in routed mode), each Inside
address must have a corresponding Inside NAT rule. If an Outside dynamic NAT
is enabled on an interface, each Outside address must have a corresponding
Outside NAT rule before communication is allowed through the Security
Appliance (nat + global, or static).
By default, NAT control is disabled by the "no nat-control" command. The "no
nat-control" command allows Inside hosts to communicate with outside
networks without the need to configure a NAT rule. In essence, with NAT
control disabled, the Security Appliance does not perform an address
translation function on any packets.
With version 7 and later, the behavior can be changed as required.

Thanks
Shahid Ansari

On Sun, Jul 20, 2008 at 10:08 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:

> Now here is the Conflict b/w sushil and jason : )
>
> OK lets put another way
>
>
> *PATTING ON ANY INTERFACE* = *"NAT-CONTROL" command on the ASA.*
>
> I think, logically speaking, if anyone has to do PATting on any interface it
> is better to enable "nat-control" so there will be no confusion any more : )
>
> Am I correct?
>
> Please confirm
>
>
>
>
> 2008/7/20 Jason W. Miller <jaymiller5@gmail.com>:
>
> > No true once you enable PAT/NAT globally on the device the default behavior
> > on all interfaces is nat-control.
> >
> >
> >
> > On Sun, Jul 20, 2008 at 1:49 PM, sushil menon <sushilmenon2001@gmail.com> wrote:
> >
> >> hi this case all the traffic from the inside will be natted while going on
> >> the outside. even though nat control is disabled. but traffic from dmz to
> >> outside will not be natted since nat-control is disabled.
> >>
> >> regards
> >>
> >> sushil
> >>
> >> On Sun, Jul 20, 2008 at 10:00 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> >>
> >> > Dear All,
> >> >
> >> > Is it true that if we enable pat on ASA for e.g
> >> >
> >> > nat (inside) 1 0 0
> >> > global (outside) 1 interface
> >> >
> >> > Then ASA will behave same as "nat-control" is enabled. (Although
> >> > nat-control is disabled).
> >> >
> >> >
> >> >
> >> >
> >> > Any inputs and links will be helpful
> >> >
> >> > Thanks
> >> >
> >> >
> >> > --
> >> > Muhammad Nasim
> >> > Network Engineer
> >> > Saudi Arabia
> >>
> >>
> >
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>
>

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:29 ART