Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
1
Replies

NAT exempt

m.bouwmeester
Level 1
Level 1

‎07-04-2007 01:41 PM - edited ‎03-11-2019 03:40 AM

Hello,

Can somebody explain the difference between the commands:

static (inside,dms) 10.1.0.0 10.1.0.0 netmask 255.255.0.0

and

nat (inside) 0 access-list NoNat

access-list NoNat permit ip 10.1.0.0 255.255.0.0 any

After Updating from 7.x to 8.x the second command doesn't work anymore. Because there was no translation group.

Kind regards,

Martien

Labels:
0 Helpful
1 Reply 1

srue
Level 7
Level 7

‎07-05-2007 05:49 AM

access-list NoNat will cause ALL traffic from 10.1.0.0/16 to not be NAT'ed, no matter where its going.

your static NAT entry will only cause 10.1.0.0/16 to not get NAT'ed if it's going to the dmz interface, otherwise it is subject to other nat (inside) rules.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card