Had an interesting workaround to no NAT, that i'm not sure is supported, but seems to work in our lab. If you create 1:1 NAT rules that have any/any allowed where the destination IP before and after NAT is the same... ie nat destination <LAN subnet> to destination <LAN subnet> IP. And create a 1:1 rule for each IP in your lan subnet, aren't you technically achieving the same goal as if nat were disabled entirely. example Nat public IP 192.168.1.10(being advertised/routed down our mpls) to private IP 192.168.1.10(ip that exists in a LAN vlan that is attached to an interface). Fiddly workaround for large subnets maybe.
... View more