Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1037
Views
0
Helpful
1
Replies

NAT Exemption Rules (hitcnt=0)

Go to solution
GREGORY JACKSON
Level 1
Level 1

‎01-18-2018 08:26 AM - edited ‎02-21-2020 07:09 AM

I'm currently converting from ASA 5525 to FirePower 2140 w/FMC. As I am auditing my current ASA I see there are lots of No-nat rules with hitcnt=0 these look to be at (0) for a long period of time. I wanted to understand does the NO_NAT rules actually show a (hitcnt) of greater than zero? I don't want to migrate any ACL's that I don't need.

 

I am going to disable them one at a time to determine the impact, but does anyone know if it the NAT exemption rules actually show a hitcnt?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pawan Raut
Level 4
Level 4

‎01-18-2018 10:25 AM

NAT exemption is also NAT rule and that convert same Original IP to same MAP IP when ASA check the packet flow so it should have hit count when it matches the rule for any traffic.
Could you please paste that NAT exemption rule and show nat de output for that respective rule.

Regards,
Pawan

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Pawan Raut
Level 4
Level 4

‎01-18-2018 10:25 AM

NAT exemption is also NAT rule and that convert same Original IP to same MAP IP when ASA check the packet flow so it should have hit count when it matches the rule for any traffic.
Could you please paste that NAT exemption rule and show nat de output for that respective rule.

Regards,
Pawan
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card