• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

access list help

what is the impact  on the traffic of the below  line


nat (inside) 0 access-list inside_nat0_outbound
0
renegadecy
Asked:
renegadecy
  • 3
1 Solution
 
Pete LongTechnical ConsultantCommented:
Any traffic that is included in that access-list...........

show run access-list inside_nat0_outbound

Open in new window


will show you, is not NATTED i.e not tranlated to the public IP address, this is usually (but not always) used to stop VPN Traffic being NATTED when going to a remote site.

Pete
0
 
Pete LongTechnical ConsultantCommented:
To quantify, nat 0 means DONT NAT.
0
 
Pete LongTechnical ConsultantCommented:
So ASA Pre 8.3 (which is in use in your example above)

nat (inside) 0 access-list EXEMPT
access-list EXEMPT extended permit ip 10.254.254.0 255.255.255.0 172.16.254.0 255.255.255.0

Open in new window

Would not tranlate any traffic going from10.254.254.0 255.255.255.0 to 172.16.254.0 255.255.255.0

This code has changed on the newer ASA's to do the same you would need,
object network obj-10.254.254.0
subnet 10.254.254.0 255.255.255.0
object network obj-172.16.254.0
subnet 172.16.254.0 255.255.255.0
nat (inside,any) source static obj-10.254.254.0 obj-10.254.254.0 destination static obj-172.16.254.0 obj-172.16.254.0

Open in new window


Pete

Cisco PIX/ASA 8.3 Command Changes {NAT / Global / Access-List}
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now