02-18-2015 08:58 AM - edited 03-07-2019 10:44 PM
Hello Need help on Exempting Nat
I'm looking to configure a nat exempt for couple of Hosts in X-DMZ to any interface. so, what would be the correct way in 9.1 version of ASA.
object-group network Sensors
network-object host 10.14.X.X
network-object host 10.14.X.X
1. nat ( X-DMZ ,any) source static Sensors Sensors destination static any any description nat exempt
or
2. nat exempting for each of the interfaces
nat (X-DMZ, Leveraged) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, Inside) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, Outside) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, VDMZ) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, AND) source static Sensors Sensors destination static any any description nat exempt
Below are the security levels applied.
Cisco Adaptive Security Appliance Software Version 9.1(3) context.
ASA# sh nameif
Interface Name Security
Outside Outside 0
Inside Inside 100
TenGigabitEthernet1/1.X Leveraged 50
TenGigabitEthernet1/1.Y AND 50
TenGigabitEthernet1/3.Z X-DMZ 40
TenGigabitEthernet1/3.L VDMZ 60
Thanks in advance
02-20-2015 05:55 PM
02-20-2015 06:01 PM
Hi Leo
You have to leave one of the posts without a link to the others or it just creates a loop someone like me is too stupid to get out of :-)
Jon
02-20-2015 06:12 PM
Hi Jon,
LOL.
The OP made four threads of the same topic. I've "marked" three of the threads as Duplicates and all of the three should be pointed HERE.
02-20-2015 06:32 PM
Leo
Thanks for that.
Hope you're well.
Jon
02-20-2015 06:32 PM
I'm doing fine, Jon. Thanks for asking.
Just trying to get this jet lag off me.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide