09-21-2011 01:44 AM - edited 03-11-2019 02:27 PM
Hi all:
I have a command line from an ASA 5505 like the one below:
nat (inside) 0 access-list NO_NAT
The problem is I cannot see any matching ID of 0 on the (outside), like:
nat (outside) 0 xxxxxxxxxxxxx
Another problem is that there is also no access list with the name NO_NAT.
Can anybody please help to explain this? Thanks!
09-21-2011 01:56 AM
Hi Tan,
This is a NAT-exempt statement. It would not have any matching global ID; NAT exempt is identified by the NAT ID 0. The correct usage for it is:
access-list no_nat permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0
nat (inside) 0 access-list no_nat
This means that you are not NATting the traffic which is going from 10.0.0.0 to 20.0.0.0.
If you cannot find the access-list, try:
show run access-list NO_NAT
If it does not show anything, then this NAT statement is not required, since you do not have an ACL for it.
Hope this helps.
Thanks,
Varun
Please do rate helpful posts.
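A way to check a saved configuration for the situation in this thread, a `nat (interface) 0 access-list` line whose ACL has no entries, as an added example that is not part of the original posts. The sample config, the function name and the exact (case-sensitive) ACL name comparison are assumptions of this example.

```python
import re

# Constructed sample running-config in the NAT syntax used in this thread.
SAMPLE_CONFIG = """\
access-list no_nat extended permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0
access-list no_nat remark exempt site-to-site traffic
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
nat (inside) 0 access-list no_nat
nat (dmz) 0 access-list NO_NAT
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""

# nat (<interface>) <id> access-list <name>
NAT_ACL = re.compile(r"^nat \((?P<ifc>[^)]+)\) (?P<id>\d+) access-list (?P<acl>\S+)")
# access-list <name> ...   (remark lines carry no match criteria, so skip them)
ACL_DEF = re.compile(r"^access-list (?P<acl>\S+) (?!remark\b)")


def audit_nat_exempt(config_text):
    """List every NAT-exempt (id 0) statement with the ACL entries it relies on."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    aces = {}
    for ln in lines:
        m = ACL_DEF.match(ln)
        if m:
            aces.setdefault(m.group("acl"), []).append(ln)
    findings = []
    for ln in lines:
        m = NAT_ACL.match(ln)
        if m and m.group("id") == "0":  # id 0 = NAT exempt, no global pair expected
            entries = aces.get(m.group("acl"), [])  # assumption: names match exactly
            findings.append({
                "interface": m.group("ifc"),
                "acl": m.group("acl"),
                "entries": entries,
                "dangling": not entries,  # ACL referenced but never defined
            })
    return findings


if __name__ == "__main__":
    for f in audit_nat_exempt(SAMPLE_CONFIG):
        state = "NO ACL ENTRIES" if f["dangling"] else f"{len(f['entries'])} entry(ies)"
        print(f"nat ({f['interface']}) 0 access-list {f['acl']}: {state}")
        for ace in f["entries"]:
            print("    exempts:", ace)
```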
09-21-2011 02:10 AM
Hi Varun:
Thanks for your answer and explanation.
I now understand the meaning of this command line. I appreciate your answer, and thanks again.