
ASA Firewall NAT public IP address no NAT

Is this possible - ASA5512-X

Outside Address /27 Public - Inside Address Private /24

I have basic NAT configured but would like to apply a public IP to an "inside" address with no-NAT. Now I have managed this before by splitting the /27 and creating a /28 routed VLAN network using half the public IPs - but it wastes addresses.

On the old 8.x software you could configure addresses to pass without translation. Is this possible now?

2 REPLIES

Not exactly sure what your question is, but it appears to me you are looking for a NoNAT configuration for post-8.2 versions of Cisco ASA. If so, then here's what you need:

Let's say:

Internal subnet: 10.10.10.0/24

External subnet: 198.41.41.0/24

Now you want 10.10.10.0/24 to go to 198.41.41.0/24 untranslated and avoid the dynamic PAT:

object network OBJ-10.10.10.0
 subnet 10.10.10.0 255.255.255.0
object network OBJ-198.41.41.0
 subnet 198.41.41.0 255.255.255.0
nat (inside,outside) source static OBJ-10.10.10.0 OBJ-10.10.10.0 destination static OBJ-198.41.41.0 OBJ-198.41.41.0

Hope I understood your request correctly.

Thanks

Manish
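
The following Python, added here as an illustration and not part of Manish's reply or any Cisco tool, lists the identity (no-NAT) rules in a saved configuration by finding manual NAT lines whose real and mapped source are the same object, so you can review which inside networks are exposed untranslated and to which destinations. It assumes source and destination are named `object network` entries with a `subnet` line, as in the reply above; the function names and the sample PAT line are constructed for the example.

```python
import ipaddress
import re

# Constructed sample: objects follow the reply above; the PAT line is assumed.
SAMPLE_CONFIG = """\
object network OBJ-10.10.10.0
 subnet 10.10.10.0 255.255.255.0
object network OBJ-198.41.41.0
 subnet 198.41.41.0 255.255.255.0
nat (inside,outside) source static OBJ-10.10.10.0 OBJ-10.10.10.0 destination static OBJ-198.41.41.0 OBJ-198.41.41.0
nat (inside,outside) source dynamic OBJ-10.10.10.0 interface
"""

OBJ_RE = re.compile(r"^object network (\S+)$")
SUBNET_RE = re.compile(r"^\s+subnet (\S+) (\S+)$")
NAT_RE = re.compile(r"^nat \((\S+?),(\S+?)\) source static (\S+) (\S+)"
                    r"(?:\s+destination static (\S+) (\S+))?")

def parse_objects(config):
    """Map each 'object network' name to its subnet (subnet objects only)."""
    objects, current = {}, None
    for line in config.splitlines():
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif current and (m := SUBNET_RE.match(line)):
            objects[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif not line.startswith(" "):
            current = None  # left the object's indented body
    return objects

def identity_nat_rules(config):
    """Return manual NAT rules whose real and mapped source are the same object."""
    objects = parse_objects(config)
    found = []
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue
        real_if, mapped_if, real, mapped, dst_real, _dst_mapped = m.groups()
        if real != mapped:
            continue  # an actual static translation, not a no-NAT rule
        found.append({
            "interfaces": (real_if, mapped_if),
            "source": objects.get(real),
            # No destination clause: the exemption applies to every destination.
            "destination": objects.get(dst_real) if dst_real else "any",
        })
    return found
```

Calling `identity_nat_rules(SAMPLE_CONFIG)` returns one rule for the `(inside, outside)` pair; the dynamic PAT line is skipped because it translates the source.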

Re: ASA Firewall NAT public IP address no NAT

I believe I ran into your issue last night. If that happens again, double-check your service-policy thru CLI:

1. Class map "match address"

2. policy-map - apply your class and any other parameters

3. policy-map should be in your service-policy...

If service-policy is gone then you are not inspecting anything and therefore all traffic that is being logged is your NAT traffic... I lost SNMP and Netflow, which was a flag of this issue.