Identity NAT on 9.1

johnlloyd_13
Level 9

hi all,

apologies, my NAT is getting rusty; just a quick confirmation that my identity NAT below is correct:

object network IDENTITY-NAT-OBJ
  host 111.203.23.1

object network INSIDE-NET-OBJ
  host 111.203.23.1
  nat (inside,outside) static IDENTITY-NAT-OBJ

1 Accepted Solution

Hi,

This is correct:-

object network IDENTITY-NAT-OBJ
  host 111.203.23.1

object network INSIDE-NET-OBJ
  host 111.203.23.1
  nat (inside,outside) static IDENTITY-NAT-OBJ

I would recommend adding the route-lookup and no-proxy-arp keywords as well.

Thanks and Regards,

Vibhor Amrodia


Harvey Ortiz
Level 1

Hi John,

I would configure it in the following way:

object network IDENTITY-NAT-OBJ
  host 111.203.23.1

exit

nat (inside,outside) source static IDENTITY-NAT-OBJ IDENTITY-NAT-OBJ no-proxy-arp route-lookup

Please rate if this is the correct answer.

hi harvey,

thanks!

do we need to exit? or can we do it like this:

object network IDENTITY-NAT-OBJ
  host 111.203.23.1

nat (inside,outside) source static IDENTITY-NAT-OBJ IDENTITY-NAT-OBJ no-proxy-arp route-lookup

could you explain further about the keywords no-proxy-arp and route-lookup?

Hi,

I would like to add something on the NAT: if you use the Manual NAT statement, I would recommend putting this statement at the end of the Manual Section, as it might cause issues with the preference order on the ASA device.

Also, as per your query, you can check the description of the keywords using this url:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/n.html#pgfId-1792563

Thanks and Regards,

Vibhor Amrodia

hi vibhor,

thanks for the link!

i saw these are optional and route-lookup is used by default.

how about my original question: is the config below ok?

object network IDENTITY-NAT-OBJ
  host 111.203.23.1
  nat (inside,outside) source static IDENTITY-NAT-OBJ IDENTITY-NAT-OBJ


hi vibhor,

thanks! so i was right about my config.

will add those suggested keywords!
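The configuration the accepted answer recommends, written out as an added example (not a post from the thread): the object NAT for 111.203.23.1 with route-lookup and no-proxy-arp, the equivalent manual NAT entered as a global command at the end of the manual section as Vibhor advised, and a packet-tracer check. Interface names follow the thread; the destination 198.51.100.10 and the ports are assumed values.

```text
! Added example (not from the thread): identity NAT for 111.203.23.1 on ASA 9.1
! with the keywords the accepted answer recommends. Use option A or B, not both.
!
! Option A: object (auto) NAT, the form the accepted answer confirms
object network IDENTITY-NAT-OBJ
 host 111.203.23.1
object network INSIDE-NET-OBJ
 host 111.203.23.1
 ! no-proxy-arp: the ASA will not answer ARP requests for 111.203.23.1 on "outside"
 ! route-lookup: the egress interface comes from the routing table, not the NAT rule
 nat (inside,outside) static IDENTITY-NAT-OBJ no-proxy-arp route-lookup
!
! Option B: manual (twice) NAT. This is a global command, not one entered under
! the object, so leave object mode first. Without a line number it is appended
! to the end of the manual section, which is what the thread recommends.
nat (inside,outside) source static IDENTITY-NAT-OBJ IDENTITY-NAT-OBJ no-proxy-arp route-lookup
!
! Verify the rule and trace a flow from the host (destination and ports are assumed)
show running-config nat
show nat detail
packet-tracer input inside tcp 111.203.23.1 40000 198.51.100.10 443 detailed
```

The packet-tracer output should show the identity NAT rule matched with the untranslated 111.203.23.1 as the source and the egress interface chosen by the route lookup.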

hi vibhor,

one last thing, is it advisable to always have these lines on the ASA?

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

Hi,

No, actually these commands should only be enabled if you have some U-TURN traffic working on the ASA device or if you have multiple sub-interfaces with the same security level and want them to communicate with each other. Also, if you have multiple interfaces on the ASA device with the same security level and they want to communicate with each other, then it might be required.

If you don't have any of these , these commands should not be required.

thanks again!
