https://community.cisco.com/t5/network-security/nat-exemption/m-p/764432#M980284 <HTML><HEAD></HEAD><BODY><P>Thank you for both replies.</P><P></P><P>I have another situation but do not know how to do the translations for.</P><P></P><P>I have remote access VPN users getting public ip addresses in the range x.x.26.0/23 on the outside. They need to access their desktops on the inside using RDP and the desktops are on the private 10.x.x.x range.</P><P></P><P>Is it possible to allow remote access users on the outside to access the desktops on the inside?</P><P></P><P>I have been looking into policy NAT but need some help.</P><P></P><P>Any suggestions?</P></BODY></HTML> Wed, 23 May 2007 13:43:11 GMT mchockalingam 2007-05-23T13:43:11Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764429#M980277 <P>Hi All,</P><P></P><P>I jsut need some help in making sure that the following statements are correct. Here is the scenario.</P><P></P><P>Our inside private addresss 10.x.x.x always gets NATed to a public IP on the outside. Now I have a situatuion where we do not want to NAT the private IP if the destination address is x.x.226.31 on the outside.</P><P></P><P>I have come up with the following.</P><P></P><P>access-list no_nat_ipvc_out permit ip 10.0.0.0 255.0.0.0 host x.x.226.31</P><P></P><P>nat (inside) 0 access-list no_nat_ipvc_out</P><P></P><P>Will this work?</P> Tue, 26 Mar 2019 00:37:40 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764429#M980277 mchockalingam 2019-03-26T00:37:40Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764430#M980279 <HTML><HEAD></HEAD><BODY><P>Yes.</P></BODY></HTML> Tue, 22 May 2007 11:57:20 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764430#M980279 acomiskey 2007-05-22T11:57:20Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764431#M980281 <HTML><HEAD></HEAD><BODY><P>Yeah that should do it. </P><P></P><P>-Hoogen</P></BODY></HTML> Tue, 22 May 2007 12:00:00 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764431#M980281 hoogen_82 2007-05-22T12:00:00Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764432#M980284 <HTML><HEAD></HEAD><BODY><P>Thank you for both replies.</P><P></P><P>I have another situation but do not know how to do the translations for.</P><P></P><P>I have remote access VPN users getting public ip addresses in the range x.x.26.0/23 on the outside. They need to access their desktops on the inside using RDP and the desktops are on the private 10.x.x.x range.</P><P></P><P>Is it possible to allow remote access users on the outside to access the desktops on the inside?</P><P></P><P>I have been looking into policy NAT but need some help.</P><P></P><P>Any suggestions?</P></BODY></HTML> Wed, 23 May 2007 13:43:11 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764432#M980284 mchockalingam 2007-05-23T13:43:11Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764433#M980287 <HTML><HEAD></HEAD><BODY><P>I think this is what you're asking. Just add the traffic to you existing nat exemption acl.</P><P></P><P>access-list no_nat_ipvc_out permit ip 10.0.0.0 255.0.0.0 host x.x.226.31 </P><P>access-list no_nat_ipvc_out permit ip 10.0.0.0 255.0.0.0 x.x.226.0 255.255.254.0</P><P>nat (inside) 0 access-list no_nat_ipvc_out </P><P></P></BODY></HTML> Wed, 23 May 2007 14:32:32 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764433#M980287 acomiskey 2007-05-23T14:32:32Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764434#M980289 <HTML><HEAD></HEAD><BODY><P>I think this will only allow 10.x.x.x access the 26.0/23 with no NAT. </P><P></P><P>But I would like to no NAT the 10.x.x.x on the inside if the traffic is coming from the outside source x.x.26.0/23. I do not have any interface in the 10.x.x.x range on the firewall.</P><P></P><P>We are doing the NATing on the FWSM but the perimeter firewall has the DMZ which has our VPN device. When remote users connect they get an IP on the DMZ of the perimeter firewall and the users need access to inside which is 10.x.x.x. But all our 10.x.x.x gets NATed to a public IP by the FWSM.</P></BODY></HTML> Wed, 23 May 2007 15:01:23 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764434#M980289 mchockalingam 2007-05-23T15:01:23Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764435#M980290 <HTML><HEAD></HEAD><BODY><P>Nat exemption acl's are bi-directional.</P></BODY></HTML> Wed, 23 May 2007 15:37:45 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764435#M980290 acomiskey 2007-05-23T15:37:45Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764436#M980291 <HTML><HEAD></HEAD><BODY><P>This is a learning for me. I just want to make sure that it will work if the traffic originates from outside.</P></BODY></HTML> Wed, 23 May 2007 17:42:27 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764436#M980291 mchockalingam 2007-05-23T17:42:27Z https://community.cisco.com/t5/network-security/nat-exemption/m-p/764437#M980292 <HTML><HEAD></HEAD><BODY><P>How are doing Meena im <A href="mailto:dillonoct@aol.com">dillonoct@aol.com</A></P><P></P></BODY></HTML> Wed, 23 May 2007 18:38:51 GMT https://community.cisco.com/t5/network-security/nat-exemption/m-p/764437#M980292 joe2065 2007-05-23T18:38:51Z