Solved

access list help

Posted on 2014-01-27
3
266 Views
Last Modified: 2014-02-24
what is the impact  on the traffic of the below  line


nat (inside) 0 access-list inside_nat0_outbound
0
Comment
Question by:renegadecy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 39811585
Any traffic that is included in that access-list...........

show run access-list inside_nat0_outbound

Open in new window


will show you, is not NATTED i.e not tranlated to the public IP address, this is usually (but not always) used to stop VPN Traffic being NATTED when going to a remote site.

Pete
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 39811586
To quantify, nat 0 means DONT NAT.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 39811592
So ASA Pre 8.3 (which is in use in your example above)

nat (inside) 0 access-list EXEMPT
access-list EXEMPT extended permit ip 10.254.254.0 255.255.255.0 172.16.254.0 255.255.255.0

Open in new window

Would not tranlate any traffic going from10.254.254.0 255.255.255.0 to 172.16.254.0 255.255.255.0

This code has changed on the newer ASA's to do the same you would need,
object network obj-10.254.254.0
subnet 10.254.254.0 255.255.255.0
object network obj-172.16.254.0
subnet 172.16.254.0 255.255.255.0
nat (inside,any) source static obj-10.254.254.0 obj-10.254.254.0 destination static obj-172.16.254.0 obj-172.16.254.0

Open in new window


Pete

Cisco PIX/ASA 8.3 Command Changes {NAT / Global / Access-List}
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question