Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Re: Best way to do multiple NAT statements on ASA

Reply
Thread Tools

Re: Best way to do multiple NAT statements on ASA

 
 
Igor Mamuzić aka Pseto
Guest
Posts: n/a
 
      07-13-2010
On 25.6.2010. 23:09, Andrew Hodgson wrote:
> Hi,
>
> I have 3 DMZs and an inside network.
>
> Inside network is 192.168.1.0/24, DMZ1 is 192.168.2.0/24, DMZ2 is
> 3.0/24, and DMZ 3 is 4.0/24.
>
> I want all networks to be able to talk to each other without NAT
> (there will be ACLs however).
>
>
>


The best way is to use no nat-control command, so that firewall doesn't
require NAT between network segments. However, if you need to use NAT
from your LAN to the Internet for example then you must (despite 'no
nat-control') apply NAT /identity NAT / NAT exception rule to that
traffic going to any lower security level interfaces.
So, in your case it's best to use nat 0 (nat exception) for traffic
flowing between your network segments. I think that you even can try to
use same security level for all DMZs to avoid need for NAT, but I'm not
sure about it, but doing that you loose ASA's ability to filter traffic
without configuring giant access-lists.

Igor


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Puzzling question on new NAT statements on ASA 8.3 Igor Mamuzić aka Pseto Cisco 0 07-23-2010 11:36 AM
Re: Best way to do multiple NAT statements on ASA Morph Cisco 1 07-19-2010 07:44 AM
Prepare Statements VS Statements Vince Java 12 01-21-2008 01:18 PM
component statements within architecture statements Neil Zanella VHDL 8 10-20-2006 09:05 AM
if statements with or w/o else statements Harry George Python 6 02-23-2004 06:48 PM



Advertisments