Exempting PAT on the return path from connections initiated on the outside interface

KenDedesko
Level 1

Hi

We have a situation with an ASA where there is a PAT set up for connections from the inside interface to the outside (MPLS, not the Internet).

 

There are certain connections initiated from a remote site that come in on the outside interface to a real server's IP address. The PAT kicks in on the return and the connection is no longer valid.

 

Is there a way to disable PAT for connections that come in on the outside interface?

 

The weirdness is that when the source is PAT'd, and there was an outside NAT on the router, it worked. The PAT did not get executed. When we moved the outside NAT over to the remote firewall at the other end, the PAT now always kicks in.

 

Thanks

 

Ken

1 Reply

Hi,
I've not tried it, but how about defining a unidirectional NAT exemption rule? Create this rule above your dynamic PAT rule and that might do what you want.

HTH