Solved

access list help

Posted on 2014-01-27
Last Modified: 2014-02-24
What is the impact on the traffic of the line below?


nat (inside) 0 access-list inside_nat0_outbound
Question by:renegadecy
LVL 57

Expert Comment

by:Pete Long
ID: 39811585
Any traffic that is included in that access-list...........

show run access-list inside_nat0_outbound



will show you, is not NATTED, i.e. not translated to the public IP address. This is usually (but not always) used to stop VPN traffic being NATTED when going to a remote site.

Pete
 
LVL 57

Expert Comment

by:Pete Long
ID: 39811586
To quantify, nat 0 means DON'T NAT.
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 39811592
So ASA Pre 8.3 (which is in use in your example above)

nat (inside) 0 access-list EXEMPT
access-list EXEMPT extended permit ip 10.254.254.0 255.255.255.0 172.16.254.0 255.255.255.0


Would not translate any traffic going from 10.254.254.0 255.255.255.0 to 172.16.254.0 255.255.255.0

This code has changed on the newer ASAs; to do the same you would need:
object network obj-10.254.254.0
subnet 10.254.254.0 255.255.255.0
object network obj-172.16.254.0
subnet 172.16.254.0 255.255.255.0
nat (inside,any) source static obj-10.254.254.0 obj-10.254.254.0 destination static obj-172.16.254.0 obj-172.16.254.0



Pete

Cisco PIX/ASA 8.3 Command Changes {NAT / Global / Access-List}
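
The pre-8.3 to 8.3+ mapping from the accepted answer, as an added Python example that is not part of the original post: it rewrites each "nat (ifc) 0 access-list" exemption using the answer's object and static NAT pattern, and lists ACL entries it cannot map (such as "any") for manual review. The function name and the second and third ACL lines of the sample are constructed for illustration.

```python
import re

# Constructed sample: the answer's pre-8.3 exemption plus two extra ACL lines.
SAMPLE = """\
nat (inside) 0 access-list EXEMPT
access-list EXEMPT extended permit ip 10.254.254.0 255.255.255.0 172.16.254.0 255.255.255.0
access-list EXEMPT extended permit ip any 172.16.254.0 255.255.255.0
access-list OTHER extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
"""

NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ACE = re.compile(rf"^access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}\s*$")


def convert_nat0(config):
    """Return (new_lines, skipped) for every nat 0 ACL in a pre-8.3 config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Map each ACL named by a "nat (ifc) 0 access-list" line to its interface.
    exempt = {m.group(2): m.group(1) for m in map(NAT0.match, lines) if m}
    objects, nats, skipped = [], [], []
    for line in lines:
        if not line.startswith("access-list "):
            continue
        name = line.split()[1]
        if name not in exempt:
            continue  # this ACL is not used for NAT exemption
        m = ACE.match(line)
        if not m:
            skipped.append(line)  # e.g. "any" or "host" forms: review by hand
            continue
        _, src, smask, dst, dmask = m.groups()
        # Objects are named obj-<network> as in the answer, one per network.
        for net, mask in ((src, smask), (dst, dmask)):
            obj = [f"object network obj-{net}", f"subnet {net} {mask}"]
            if obj[0] not in objects:
                objects.extend(obj)
        nats.append(f"nat ({exempt[name]},any) source static obj-{src} obj-{src} "
                    f"destination static obj-{dst} obj-{dst}")
    return objects + nats, skipped


if __name__ == "__main__":
    new_lines, skipped = convert_nat0(SAMPLE)
    print("\n".join(new_lines))
    for line in skipped:
        print("REVIEW MANUALLY:", line)
```

Entries reported for manual review deserve attention on their own: an exemption with "any" as source or destination bypasses translation for far more traffic than a single VPN tunnel needs.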