cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
630
Views
0
Helpful
5
Replies

Zero NAT config

mahesh18
Level 6
Level 6

Hi,

Need to know the explanation of  NAT

access-list policy extended permit ip host 192.168.60.207 host 192.203.187.140

nat (Outside) 1 access-list policy

Above is zero nat zero that says if source is 192.168.60.207 and going to destination 192.203.187.140 do not do NAT right?

global (Outside) 2 192.168.166.62******************************** This is dynamic PAT right?
nat (Outside) 1 access-list policy
nat (Inside) 2 0.0.0.0 0.0.0.0***********************************This is dynamic PAT right ?

Regards

MAhesh

5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

This is old PIX code, isn't?

Straining my memory back that far, what is is saying is if source is 192.168.60.207 and going to destination 192.203.187.140 then use NAT pool 1.  You haven't shown what the config is for this pool.

I do not see any config for pool.

It is running ASA Version 8.2(3) .

Regards

MAhesh

Mahesh

It is definitely not a NAT exemption.

Do you see a corresponding global statement applied to any other interface ?

Jon

Hi Jon,

Here is what I see in config

access-list policy extended permit ip host 192.168.60.207 host 192.203.187.140

nat (Outside) 1 access-list policy

I see no global statement.

is there a way I can verify if this NAT is even used or not?

Regards

Mahesh

Mahesh

You could check the acl for any hits.

It is unusual, but valid, because it is applied to the outside interface which suggests there is a corresponding global statement on another interface.

But you say there are no global statements on any other interfaces except the outside one ?

Where are the IP addresses used in the acl in relation to the interfaces ie. which interface does the ASA use to reach 192.168.60.207 for example ?

Jon

Review Cisco Networking for a $25 gift card