Nat-Control is only giving the nat funtioanlity nothing else so if you doen't need nat then disable it.
Actually, nat-control forces the use of natting statments. If there isn't a corresponding nat statement the traffic is denied. Nat-control does not enable or disable the nat ability. You can...
Yes you do need an nat exemption acl. The standard practice is to make a site2site acl for each site (designate interesting traffic) and then a single nat exemeption acl that lists ALL the no nat traffic statements.
Brent
Systems Engineer / Consultant
CCNP, CCSP
You can do it by QoS
Take a look at this -
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
Brent
Systems Engineer / Consultant
CCNP, CCSP
Sorry, stupid iphone.
Just saw this
interface Ethernet2
shutdown
nameif DMZ
security-level 50
ip address 172.31.1.254 255.255.255.0
just go into the interface and do a
no shut
Should be good to go.
Brent
Systems Engineer / Consultant
CCNP, CCSP
Ssh or telnet on the management port. It should grab an ip by dhcp. You need to know the passwords.
1st login username = pix
password is your telnet password
the type
enable
and your enable password and you are ready to config.
Brent
Systems Engineer / Consultant
CCNP, CCSP
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.