Hi All
I just need to get something straight in my head.
Does the nat (inside) 0 statement on a firewall mean do not NAT this range,
and nat (inside) 1 mean do NAT this range?
Also,
does the statement access-group ouside_access_in in interface outside tie the name ouside_access_in to the outside interface?
Also, does that refer to traffic from outside coming in on the interface, hence the "in interface" statement (e.g. a 3rd party wanting
to get access on to your network)?
Please help clear this up.
Many thanks
#1
Posted 22 April 2012 - 08:56 PM
#2
Posted 23 April 2012 - 08:00 PM
Hello!
Yes, the command nat (inside) 0 ... is used for traffic you don't want to NAT. It's commonly used for VPN traffic and you don't need a global statement.
The nat (inside) 1 command will NAT the traffic and must match a global command with the same id (global (outside) 1 interface).
The name ouside_access_in is just a name to identify an access-list. When you create access-lists via ASDM, the appliance assigns this name automatically. In order for it to take effect on the interface you have to configure an access-group command on it. And you're right, that traffic refers to the packets from the outside to your network.
Regards!
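A check built on the rules in the reply above, added here as an example and not part of the original thread: it parses a constructed config in the nat/global syntax used in this thread and reports nat ids with no matching global, plus access-lists that no access-group or nat 0 statement references. The audit function, the addresses and the names NONAT and dmz_access_in are assumptions made for illustration.

```python
import re

# Constructed sample config (addresses and the NONAT / dmz_access_in names are
# made up; ouside_access_in is spelled as in the thread).
SAMPLE_CONFIG = """\
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.9.9.0 255.255.255.0
access-list ouside_access_in extended permit tcp any host 192.0.2.10 eq 443
access-list dmz_access_in extended permit ip any any
nat (inside) 0 access-list NONAT
nat (inside) 1 10.1.1.0 255.255.255.0
nat (inside) 2 10.2.2.0 255.255.255.0
global (outside) 1 interface
access-group ouside_access_in in interface outside
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
ACL_RE = re.compile(r"^access-list (\S+) ")
GROUP_RE = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")

def audit(config):
    """Return NAT exemptions, nat ids lacking a global, and unused ACL names."""
    nats, global_ids, acls, bound, referenced = [], set(), set(), {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            nats.append((m[1], int(m[2])))
            # nat 0 usually points at an ACL describing the exempt traffic
            if ref := re.match(r"access-list (\S+)", m[3]):
                referenced.add(ref[1])
        elif m := GLOBAL_RE.match(line):
            global_ids.add(int(m[2]))
        elif m := ACL_RE.match(line):
            acls.add(m[1])
        elif m := GROUP_RE.match(line):
            bound[m[1]] = (m[2], m[3])  # ACL name -> (direction, interface)
    return {
        # id 0 means "do not translate"; no global statement is expected
        "exempt": [n for n in nats if n[1] == 0],
        # ids above 0 translate only if a global with the same id exists
        "nat_without_global": [n for n in nats if n[1] and n[1] not in global_ids],
        # an ACL filters nothing until an access-group ties it to an interface
        "unbound_acls": sorted(acls - set(bound) - referenced),
        "bound_acls": bound,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```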
#3
Posted 24 April 2012 - 05:24 AM
thanks