Hi LeoYou have to leave one

srikanth ath · ‎02-18-2015

Hello Need help on Exempting Nat

I'm looking to configure a nat exempt for couple of Hosts in X-DMZ to any interface. so, what would be the correct way in 9.1 version of ASA.

object-group network Sensors

network-object host 10.14.X.X

1. nat ( X-DMZ ,any) source static Sensors Sensors destination static any any description nat exempt

or

2. nat exempting for each of the interfaces

nat (X-DMZ, Leveraged) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, Inside) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, Outside) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, VDMZ) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, AND) source static Sensors Sensors destination static any any description nat exempt

Below are the security levels applied.

Cisco Adaptive Security Appliance Software Version 9.1(3) context.

ASA# sh nameif
Interface Name Security
Outside Outside 0
Inside Inside 100
TenGigabitEthernet1/1.X Leveraged 50
TenGigabitEthernet1/1.Y AND 50
TenGigabitEthernet1/3.Z X-DMZ 40
TenGigabitEthernet1/3.L VDMZ 60

Thanks in advance

Leo Laohoo · ‎02-20-2015

Duplicate posts.

Go HERE.

Jon Marshall · ‎02-20-2015

Hi Leo

You have to leave one of the posts without a link to the others or it just creates a loop someone like me is too stupid to get out of :-)

Jon

Leo Laohoo · ‎02-20-2015

Hi Jon,

LOL.

The OP made four threads of the same topic. I've "marked" three of the threads as Duplicates and all of the three should be pointed HERE.

Jon Marshall · ‎02-20-2015

Leo

Thanks for that.

Hope you're well.

Jon

Leo Laohoo · ‎02-20-2015

I'm doing fine, Jon. Thanks for asking.

Just trying to get this jet lag off me.

ASA 9.1 Exempt Nat help