02-18-2015 08:58 AM - edited 03-07-2019 10:44 PM
Hello Need help on Exempting Nat
I'm looking to configure a nat exempt for couple of Hosts in X-DMZ to any interface. so, what would be the correct way in 9.1 version of ASA.
object-group network Sensors
network-object host 10.14.X.X
network-object host 10.14.X.X
1. nat ( X-DMZ ,any) source static Sensors Sensors destination static any any description nat exempt
or
2. nat exempting for each of the interfaces
nat (X-DMZ, Leveraged) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, Inside) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, Outside) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, VDMZ) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, AND) source static Sensors Sensors destination static any any description nat exempt
Below are the security levels applied.
Cisco Adaptive Security Appliance Software Version 9.1(3) context.
ASA# sh nameif
Interface Name Security
Outside Outside 0
Inside Inside 100
TenGigabitEthernet1/1.X Leveraged 50
TenGigabitEthernet1/1.Y AND 50
TenGigabitEthernet1/3.Z X-DMZ 40
TenGigabitEthernet1/3.L VDMZ 60
Thanks in advance
02-20-2015 05:55 PM
02-20-2015 06:01 PM
Hi Leo
You have to leave one of the posts without a link to the others or it just creates a loop someone like me is too stupid to get out of :-)
Jon
02-20-2015 06:12 PM
Hi Jon,
LOL.
The OP made four threads of the same topic. I've "marked" three of the threads as Duplicates and all of the three should be pointed HERE.
02-20-2015 06:32 PM
Leo
Thanks for that.
Hope you're well.
Jon
02-20-2015 06:32 PM
I'm doing fine, Jon. Thanks for asking.
Just trying to get this jet lag off me.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: