Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
2
Replies

ASA 5505 Command Line Question

Go to solution
Tang-Suan Tan
Level 1
Level 1

‎09-21-2011 01:44 AM - edited ‎03-11-2019 02:27 PM

Hi all :

I have a command line from ASA 5505 like below :

nat (inside) 0 access-list NO_NAT

The problem is I cannot see any matching ID of 0 at the (outside) like :

nat (outside) 0  xxxxxxxxxxxxx

Another problem is there is also no any access list with the name of NO_NAT.

Can anybody please help to explain on this? Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎09-21-2011 01:56 AM

Hi Tan,

This is Nat-exempt statement, it would not have any matching global id, nat exempt is identified by the nat id 0, the correct usage for it is:

access-list no_nat permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0

nat (inside) 0 access-list no_nat

this means that you are not natting the traffic which is going from 10.0.0.0 to 20.0.0.0.

If you cannot find the access-list, try:

show run access-list NO_NAT

if it does not show anything, then this nat statement is not required, since you do not have an ACL for it.

Hope this helps.

Thanks,

Varun

Please do rate helpful posts.

Thanks,
Varun Rao

View solution in original post

0 Helpful
2 Replies 2

Go to solution
varrao
Level 10
Level 10

‎09-21-2011 01:56 AM

Hi Tan,

This is Nat-exempt statement, it would not have any matching global id, nat exempt is identified by the nat id 0, the correct usage for it is:

access-list no_nat permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0

nat (inside) 0 access-list no_nat

this means that you are not natting the traffic which is going from 10.0.0.0 to 20.0.0.0.

If you cannot find the access-list, try:

show run access-list NO_NAT

if it does not show anything, then this nat statement is not required, since you do not have an ACL for it.

Hope this helps.

Thanks,

Varun

Please do rate helpful posts.

Thanks,
Varun Rao
0 Helpful

Go to solution
Tang-Suan Tan
Level 1
Level 1
In response to varrao

‎09-21-2011 02:10 AM

Hi Varun :

Thanks for your answer and explanation.

I now understand what is the meaning on this command line. Appreciate your answer and thanks again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card