Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1351
Views
10
Helpful
1
Replies

Cisco ASA NAT exemption

Go to solution
LovejitSingh1313
Level 1
Level 1

‎10-29-2020 03:04 PM

Hello Guys @balaji.bandi @Marius Gunnerud  @Rob Ingram  @Aref Alsouqi  

 

I have a internal lan interface: 172.16.10.1/24 and it is gateway.  172.16.10.40 is another router connected internal for specific external routes . 

so any traffic which goes from inside to inside to 172.16.10.40 gets NATed to 172.16.10.1 which is fine. 

 

I want to confgure exemption for NATing to particular destination IPs. For example, if destination is 216.76.54.32 through 172.16.10.40 from inside to inside. I want ASA not to do nating and leave the source IP as it is. 

 

Please suggest command to accomplish it.

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎10-29-2020 03:40 PM - edited ‎10-29-2020 03:45 PM

I think you can do something like the following:

object network Host-216.76.54.32
 host 216.76.54.32

nat (inside,inside) 1 source static any any destination static Host-216.76.54.32 Host-216.76.54.32

If that does not work, try to replace the any keyword with your internal LAN object.

View solution in original post

1 Reply 1

Go to solution
Aref Alsouqi
VIP
VIP

‎10-29-2020 03:40 PM - edited ‎10-29-2020 03:45 PM

I think you can do something like the following:

object network Host-216.76.54.32
 host 216.76.54.32

nat (inside,inside) 1 source static any any destination static Host-216.76.54.32 Host-216.76.54.32

If that does not work, try to replace the any keyword with your internal LAN object.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card