cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1003
Views
0
Helpful
3
Replies

ASA 8.2 NAT Exemption Question

drewnivet
Level 1
Level 1

Hello I've created a diagram here to illustrate the problem.  Just looking for some confirmation that this would be the correct fix for this.  Our server inside Site3 cannot reach the internal Site2 network is the issue.  Appreciate any help.

Diagram is attached here.

1 Accepted Solution

Accepted Solutions

Okay, I think I just misread which ASA was doing what.

So the answer is still yes, you need to apply that to the incoming interface.

Jon

View solution in original post

3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

Yes, you need to add it to the interface as per your diagram.

However I am a bit confused ie. you have a VPN between the sites, do you not already have a NAT exemption ?

Jon

Thanks Jon.  Yes there is NAT exemption between the main campus inside networks and the remote site network

Also, on Site2's firewall

object network obj-10.10.10.0
subnet 10.10.10.0 255.255.255.0


nat (inside,any) source static obj-10.10.10.0 obj-10.10.10.0 no-proxy-arp route-lookup

Okay, I think I just misread which ASA was doing what.

So the answer is still yes, you need to apply that to the incoming interface.

Jon

Review Cisco Networking for a $25 gift card