
Bypass NAT traffic to SFR

Machi Ma
Level 1

Hello,

I have created a NAT rule in ASA. But is there any way to bypass NAT traffic to SFR?

I keep seeing some private LAN IPs appear in the security intelligence event logs.

Thanks!

2 Replies

Claudiu Cismaru
Cisco Employee

You can tune the traffic redirection ACL. Or create one, if you use the default.

Rahul Govindan
VIP Alumni

You probably have an ACL, class map and policy map redirecting traffic to the SFR. For example:

ciscoasa(config)# access-list sfr_redirect extended permit ip any any

ciscoasa(config)# class-map sfr
ciscoasa(config-cmap)# match access-list sfr_redirect

ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class sfr
ciscoasa(config-pmap-c)# sfr fail-open

Just add a deny entry for the traffic that you don't want to send to the SFR above the permit ip any any line in the "sfr_redirect" ACL.
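
An added example, not part of the reply above, of the change it describes. The subnet 192.168.10.0/24 is a constructed placeholder for the traffic to exempt. In an ACL used by a class map, deny only excludes the traffic from that class: the ASA still forwards it under its normal access rules, but the SFR module never inspects it.

```cisco
! Constructed subnet 192.168.10.0/24: replace with the traffic to exempt.
! "line 1" inserts the entry above the existing "permit ip any any".
access-list sfr_redirect line 1 extended deny ip 192.168.10.0 255.255.255.0 any
! Also exempt flows initiated toward that subnet (assumed requirement).
access-list sfr_redirect line 2 extended deny ip any 192.168.10.0 255.255.255.0
!
! Confirm the deny entries are listed before the permit entry.
show access-list sfr_redirect
```

Keep the deny entries as narrow as possible, since every flow they match loses Security Intelligence and intrusion inspection.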
