02-02-2016 06:46 PM - edited 03-12-2019 12:14 AM
Hi,
Need to know the explanation of NAT
access-list policy extended permit ip host 192.168.60.207 host 192.203.187.140
nat (Outside) 1 access-list policy
Above is zero nat zero that says if source is 192.168.60.207 and going to destination 192.203.187.140 do not do NAT right?
global (Outside) 2 192.168.166.62 ***** This is dynamic PAT, right?
nat (Outside) 1 access-list policy
nat (Inside) 2 0.0.0.0 0.0.0.0 ***** This is dynamic PAT, right?
Regards
Mahesh
02-02-2016 08:43 PM
This is old PIX code, isn't it?
Straining my memory back that far, what it is saying is if source is 192.168.60.207 and going to destination 192.203.187.140 then use NAT pool 1. You haven't shown what the config is for this pool.
02-03-2016 06:36 PM
I do not see any config for pool.
It is running ASA Version 8.2(3).
Regards
Mahesh
02-05-2016 04:57 AM
Mahesh
It is definitely not a NAT exemption.
Do you see a corresponding global statement applied to any other interface?
Jon
02-06-2016 11:52 AM
Hi Jon,
Here is what I see in config
access-list policy extended permit ip host 192.168.60.207 host 192.203.187.140
nat (Outside) 1 access-list policy
I see no global statement.
Is there a way I can verify if this NAT is even used or not?
Regards
Mahesh
02-06-2016 02:49 PM
Mahesh
You could check the acl for any hits.
It is unusual, but valid, because it is applied to the outside interface which suggests there is a corresponding global statement on another interface.
But you say there are no global statements on any other interfaces except the outside one?
Where are the IP addresses used in the acl in relation to the interfaces, i.e. which interface does the ASA use to reach 192.168.60.207 for example?
Jon
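An added example, not part of the thread and not Cisco tooling: a short Python check of the nat/global pairing discussed above, run over the NAT lines quoted in the thread (inline annotations stripped, so the sample is constructed). It assumes pre-8.3 syntax, where a nat rule and a global pool are linked by sharing the same NAT ID and only ID 0 means no translation; the name audit_nat is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the NAT-related lines quoted in the thread (ASA 8.2 syntax),
# with the poster's inline questions removed.
SAMPLE_CONFIG = """\
access-list policy extended permit ip host 192.168.60.207 host 192.203.187.140
nat (Outside) 1 access-list policy
global (Outside) 2 192.168.166.62
nat (Inside) 2 0.0.0.0 0.0.0.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (.+)$")


def audit_nat(config: str) -> list:
    """Pair each pre-8.3 'nat' rule with the 'global' pools sharing its NAT ID."""
    globals_by_id = defaultdict(list)
    nats = []
    for line in config.splitlines():
        line = line.strip()
        if m := GLOBAL_RE.match(line):
            globals_by_id[int(m.group(2))].append((m.group(1), m.group(3)))
        elif m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2)), m.group(3)))

    report = []
    for iface, nat_id, match in nats:
        pools = globals_by_id.get(nat_id, [])
        if nat_id == 0:
            kind = "exempt-or-identity"   # only ID 0 bypasses translation
        elif pools:
            kind = "dynamic"              # translated to the pool(s) with the same ID
        else:
            kind = "no-matching-global"   # rule has no pool to translate to
        report.append({"interface": iface, "id": nat_id, "match": match,
                       "kind": kind, "pools": pools})
    return report


if __name__ == "__main__":
    for rule in audit_nat(SAMPLE_CONFIG):
        print(rule)
```

On the thread's lines this reports the `nat (Outside) 1` rule as having no matching global, and the `nat (Inside) 2` rule as paired with the single-address pool on Outside.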