Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
0
Helpful
2
Replies

ASA 8.2 code and static nat's

cperkins22
Level 4
Level 4

‎11-21-2016 08:04 AM - edited ‎03-12-2019 06:10 PM

So quick and easy question "I hope".

i have a asa configured on an internal network and I see that there's a static statement for each interface combination but it's just saying nat the ip to itself which seems to be pointless.

Are these statements even needed?  I know you always need "NAT, route, rule" but this seems ridiculous.

static (inside,outside) 0.0.0.0 0.0.0.0 netmask 255.255.255.255
static (inside,warehouse) 0.0.0.0 0.0.0.0 netmask 255.255.255.255
static (warehouse,inside) 0.0.0.0 0.0.0.0 netmask 255.255.255.255
static (nowhere,inside) 0.0.0.0 0.0.0.0 netmask 255.255.255.255

Labels:
0 Helpful
2 Replies 2

teatrodelsogno
Level 1
Level 1

‎11-21-2016 08:50 AM

Hi,
seems strange configuration?

did you inherit this configuration from another security engineer?

0 Helpful

cperkins22
Level 4
Level 4
In response to teatrodelsogno

‎11-21-2016 12:20 PM

Yes it's strange.  I did inherit it.  A "sh nat" shows no translate_hits for any of them so I think it's safe to remove it but I have hundreds of asa's with this statement so before removing it I want to make certain I understand why it's doing.

I'm trying to get the config ready to upgrade to 8.4 therefore I want to eliminate any erroneous code.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card