cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
774
Views
0
Helpful
3
Replies

ASA 8.2 NAT Exemption Question

drewnivet
Beginner
Beginner

Hello I've created a diagram here to illustrate the problem.  Just looking for some confirmation that this would be the correct fix for this.  Our server inside Site3 cannot reach the internal Site2 network is the issue.  Appreciate any help.

Diagram is attached here.

1 Accepted Solution

Accepted Solutions

Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend

Okay, I think I just misread which ASA was doing what.

So the answer is still yes, you need to apply that to the incoming interface.

Jon

View solution in original post

3 Replies 3

Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend

Yes, you need to add it to the interface as per your diagram.

However I am a bit confused ie. you have a VPN between the sites, do you not already have a NAT exemption ?

Jon

Thanks Jon.  Yes there is NAT exemption between the main campus inside networks and the remote site network

Also, on Site2's firewall

object network obj-10.10.10.0
subnet 10.10.10.0 255.255.255.0


nat (inside,any) source static obj-10.10.10.0 obj-10.10.10.0 no-proxy-arp route-lookup

Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend

Okay, I think I just misread which ASA was doing what.

So the answer is still yes, you need to apply that to the incoming interface.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers