https://community.cisco.com/t5/network-security/nat-query/m-p/1653665#M581750 <P><SPAN style="background-color: #f8fafd;">folks</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">i have a basic nat query on an asa 8.2 i'm hoping you can help with</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">i've a dynamic nat to translate all traffic from the inside to outside to the external interface's IP</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">i also have a number of inside to outside exempts for some public IPs i have on the inside</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">no nat-control is configured</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">my query is this</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">when i try to initiate a connection from an outside server to an inside server it fails and packet tracer tells me it due to nat (i have an ACL in place to allow traffic)</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;"></SPAN></P><P><SPAN style="background-color: #f8fafd;">if i configure a nat exemption from (outside, inside) if fails</SPAN></P><P></P><P></P><P><SPAN style="background-color: #f8fafd;"></SPAN></P><P><SPAN style="background-color: #f8fafd;">if i configure a nat exemption from (inside, outside) if works</SPAN></P><P></P><P>why do i need the nat when no nat-control is enabled</P><P></P><P>thanks to anyone taking the time to read this or to post a reply</P><P></P><P>greatly appreciated</P><SPAN style="font-style: background-color: #f8fafd;; "><P></P></SPAN><P></P><P></P> Mon, 11 Mar 2019 19:53:07 GMT mulhollandm 2019-03-11T19:53:07Z https://community.cisco.com/t5/network-security/nat-query/m-p/1653665#M581750 <P><SPAN style="background-color: #f8fafd;">folks</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">i have a basic nat query on an asa 8.2 i'm hoping you can help with</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">i've a dynamic nat to translate all traffic from the inside to outside to the external interface's IP</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">i also have a number of inside to outside exempts for some public IPs i have on the inside</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">no nat-control is configured</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">my query is this</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">when i try to initiate a connection from an outside server to an inside server it fails and packet tracer tells me it due to nat (i have an ACL in place to allow traffic)</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;"></SPAN></P><P><SPAN style="background-color: #f8fafd;">if i configure a nat exemption from (outside, inside) if fails</SPAN></P><P></P><P></P><P><SPAN style="background-color: #f8fafd;"></SPAN></P><P><SPAN style="background-color: #f8fafd;">if i configure a nat exemption from (inside, outside) if works</SPAN></P><P></P><P>why do i need the nat when no nat-control is enabled</P><P></P><P>thanks to anyone taking the time to read this or to post a reply</P><P></P><P>greatly appreciated</P><SPAN style="font-style: background-color: #f8fafd;; "><P></P></SPAN><P></P><P></P> Mon, 11 Mar 2019 19:53:07 GMT https://community.cisco.com/t5/network-security/nat-query/m-p/1653665#M581750 mulhollandm 2019-03-11T19:53:07Z https://community.cisco.com/t5/network-security/nat-query/m-p/1653666#M581752 <HTML><HEAD></HEAD><BODY><P>"no nat-control" is disabled as soon as you have a NAT statement on an interface.</P><P></P><P>If you would need to exempt inbound traffic, you will need to configure static (inside,outside) as normally you will configure static NAT from high security level to low security level, and the static NAT works bidirectionally.</P><P></P><P>Hope that answers your question.</P></BODY></HTML> Fri, 18 Feb 2011 22:54:55 GMT https://community.cisco.com/t5/network-security/nat-query/m-p/1653666#M581752 Jennifer Halim 2011-02-18T22:54:55Z