01-25-2017 07:50 PM - edited 03-10-2019 06:45 AM
Hello,
I have created a NAT rule in ASA. But is there any way to bypass NAT traffic to SFR,
as I keep seeing some private LAN IPs appear in the security intelligence event logs?
Thanks!
01-26-2017 05:12 AM
You can tune the traffic redirection ACL. Or create one, if you use the default.
01-26-2017 05:12 AM
You probably have an ACL, class map and policy map redirecting traffic to the SFR. For example:
ciscoasa(config)# access-list sfr_redirect extended permit ip any any
ciscoasa(config)# class-map sfr
ciscoasa(config-cmap)# match access-list sfr_redirect
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class sfr
ciscoasa(config-pmap-c)# sfr fail-open
Just add a deny entry for the traffic that you don't want to send to the SFR above the permit ip any any line in the "sfr_redirect" ACL.
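As an added example (not part of the original reply), the deny entry described above could be inserted as follows. The subnet 192.168.10.0/24 is a constructed placeholder for the traffic to exclude; the `line` keyword places the entries ahead of the existing permit, because an entry entered without a line number is appended to the end of the ACL and would never be reached.

```cisco
! Constructed example: 192.168.10.0/24 is a placeholder, substitute your own subnet.
! Check the current order of entries in the redirect ACL
ciscoasa# show access-list sfr_redirect
ciscoasa# configure terminal
! Insert the denies at the top so they are evaluated before "permit ip any any".
! In a class-map match ACL, deny only exempts traffic from the class (no redirect);
! it does not block the traffic.
ciscoasa(config)# access-list sfr_redirect line 1 extended deny ip 192.168.10.0 255.255.255.0 any
ciscoasa(config)# access-list sfr_redirect line 2 extended deny ip any 192.168.10.0 255.255.255.0
ciscoasa(config)# end
! Confirm the deny lines sit above the permit and watch their hit counts
ciscoasa# show access-list sfr_redirect
! Confirm the sfr class is still applied and passing traffic to the module
ciscoasa# show service-policy sfr
```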