ASA 5510 NAT and No NAT

[philjray]

Hi, is it possible to set up the outside interface 0/0 with a virtual interface and have both a NAT and No NAT configuration?
The reason for this is to have VoIP devices on their own range behind the firewall with No NAT (routing is done privately over MPLS) and data going out via the NAT interface on another range.
Regards, Phil

 

[robbieguy2003]

I think you have to have the unit in either routed/transparent mode so you dont really have a choice.

You can however setup a NAT rule that translates your external IP to the same external IP but on the inside interface. That should do what you're trying to achieve and let you have the Firewall operate in routed mode.

The difference between genius and stupidity is that genius has its limits

Rob

 

[Supergrrover]

It depends on networks and goals. Can you post a config and a topology that you want to achieve?

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[bannomust]

It's possible to enable and disable the NAT based on traffic but for this, NAT must be enable on your ASA means " NAT-Control" should be enabled.

You can define the traffic and type of NAT for that traffic. Make sure if you are doing NAT for voice traffic then voice traffic related inspection is enable on ASA otherwise you will have issue on voice client registration.

Thanks,

Mustafa Gangardiwala
CCIE-Security # 16253, CISA
CISM,CISSP,INFOSEC, MCSE, CNE

http://netseczone.blogspot.com