No Natting

chiangfong · ‎08-11-2014

i don't want translate inside network segment (172.31.20.0/24). I want it to be able to communicate with outside segment(172.16.54.0/24). How should i configure?

(172.16.54.0/24) outside<<<<firewall>>>>inside (172.31.20.0/24)

nkarthikeyan · ‎08-13-2014

Hi,

If you are using ASA 8.2 or before releases.... then you need to do configure like this.

access-list nonat extended permit ip 172.31.20.0 255.255.255.0 172.16.54.0 255.255.255.0

nat (inside) 0 access-list nonat

!

sameway if the 172.16.54.0 subnet is on another site, which is behing a FW... then in that firewall also they should do the nonat , required in case of site to site

access-list nonat extended permit ip 172.16.54.0 255.255.255.0 172.31.20.0 255.255.255.0

nat (inside) 0 access-list nonat

!

If you are running 8.3 + version of ASA OS, then here you get

object network lan

subnet 172.31.20.0 255.255.255.0

object lan destination

172.16.54.0 255.255.255.0

!

nat (inside,outside) source static lan lan destination static destination destination no-proxy-arp

!

on the other site.

object network destination

subnet 172.31.20.0 255.255.255.0

object lan lan

172.16.54.0 255.255.255.0

!

nat (inside,outside) source static lan lan destination static destination destination no-proxy-arp

Regards

Karthik