https://community.cisco.com/t5/network-security/nat-exemption/m-p/658060#M1023051 <HTML><HEAD></HEAD><BODY><P>Correct, here's the rest of the order</P><P>1. nat exemption </P><P>2. static nat </P><P>3. static pat </P><P>4. policy nat </P><P>5. regular nat </P><P></P></BODY></HTML> Wed, 14 Mar 2007 14:52:43 GMT acomiskey 2007-03-14T14:52:43Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/658058#M1023049 <P>Hi,</P><P></P><P>has anybody tried to implement a NAT exemption and static NAT for the same source. What i want to achieve is that one host of the internal network will be not natted like the complete network and also has a static NAT for another connection.</P><P></P><P>I have problems to implement this and have read that PNAT is not possible in combination with NAT exemption.</P><P></P><P>regards</P><P>Christoph</P><P></P> Mon, 11 Mar 2019 09:46:05 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/658058#M1023049 c.ohliger 2019-03-11T09:46:05Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/658059#M1023050 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>let's say u have host A on the inside.</P><P>You want that when host A goes to 1.1.1.1/24,then it should not be translated ( nat exempt ) and for the rest of the traffic it should get translated. ( static nat ).</P><P></P><P>is that true ?</P><P></P><P>if it is,</P><P>access-l nonat permit ip host A 1.1.1.1 255.255.255.0 </P><P>nat (inside) 0 access-list nonat</P><P></P><P>static (inside,outside) <PUBLICIP> <HOSTA></HOSTA></PUBLICIP></P><P></P><P>the nat 0 with an access-list ( exempt ) takes precedence over the static and that's why,the no nat is processed before the static.</P><P></P><P>i guess that's it.</P><P>if i am on the wrong side of the lane,let me know.</P><P></P><P>Regards,</P><P>Sushil.</P></BODY></HTML> Wed, 14 Mar 2007 14:51:41 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/658059#M1023050 suschoud 2007-03-14T14:51:41Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/658060#M1023051 <HTML><HEAD></HEAD><BODY><P>Correct, here's the rest of the order</P><P>1. nat exemption </P><P>2. static nat </P><P>3. static pat </P><P>4. policy nat </P><P>5. regular nat </P><P></P></BODY></HTML> Wed, 14 Mar 2007 14:52:43 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/658060#M1023051 acomiskey 2007-03-14T14:52:43Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/658061#M1023052 <HTML><HEAD></HEAD><BODY><P>Once a packet is exempted from natting for a specific destination, you can not do static natting for the same host/netowrk for the same destination.</P><P></P><P>Give us a brief overview of the scenario, and we'll try to help.</P><P></P><P>-Kanishka</P></BODY></HTML> Wed, 14 Mar 2007 14:53:55 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/658061#M1023052 kaachary 2007-03-14T14:53:55Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/658062#M1023053 <HTML><HEAD></HEAD><BODY><P>Jesus ... so much answers, thanks for all your help. Its a complex environment, but i will try to explain. The environment is based on a FWSM with several interfaces. Basically all traffic is in a exemption NAT table based on network groups. A remote site will be connected to this environment with IPSEC. The IPSEC part will be handeld by a concentrator. The remote network is 172.22.0.0/16, has to be natted inbound to 10.61.0.0/16. Traffic from internal to this remote network has to natted dynamic (pool). Specific hosts in the internal network has to have a static NAT when accessed from outside.</P><P></P><P>The problem is the remote site is not willing to do NAT, that would be the easy way...</P><P></P><P>When i understand your comments correct then is the "jumping point" that NAT exemption is the first in order ... so the only solution would be to build a second firewall for this traffic ,-)</P><P></P><P>regards</P><P>Christoph</P></BODY></HTML> Wed, 14 Mar 2007 15:09:47 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/658062#M1023053 c.ohliger 2007-03-14T15:09:47Z