09-19-2019 12:57 PM
Greetings!
Hope you guys are doing good.
In my organization, I have the following NAT rule configured.
nat (TRPS-Inside,any) source static NET10 NET10 destination static NET10 NET10 no-proxy-arp route-lookup
I am not able to understand its significance as I am still new to ASA.
Here are some of the details.
ASA 5550//asa917-32-k8.bin
TRPS-Inside: This is the inside zone where most of the users are, and they mainly access the internet.
object network NET10
subnet 10.0.0.0 255.0.0.0
Now all the inside users also have IPs in subnet 10.x.x.0/24,
so with this IP scheme I am not sure what the above rule is doing...
The thing is that I have configured any4 any4 on interface TRPS-Inside, but I am still not able to ping/reach any other local LAN subnet, say 10.190.x.x
Security rules and routes look good.
Any insight will be greatly helpful.
Regards,
Rahul
09-19-2019 01:17 PM
nat (TRPS-Inside,any) source static NET10 NET10 destination static NET10 NET10 no-proxy-arp route-lookup
The above statement means NAT Exempted.
Can you post the configuration which was not working?
09-19-2019 01:21 PM
Hello,
make sure you have:
same-security-traffic permit intra-interface
same-security-traffic permit inter-interface
configured on the ASA.
As for the NAT entry, I think it is the same as 'nat 0 access-list', which in its converted form means static twice NAT, and means NAT exemption.
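An added example, not part of the thread and not Cisco code: a simplified Python model that parses the `object network` and `nat` lines quoted above and classifies a flow as identity-translated (NAT exempt) or not matched by this rule. The sample host addresses are constructed, and `route-lookup`, `no-proxy-arp`, access rules and routing are not modeled.

```python
import ipaddress
import re

# Constructed input: the object and NAT rule quoted in the thread.
CONFIG = """\
object network NET10
 subnet 10.0.0.0 255.0.0.0
nat (TRPS-Inside,any) source static NET10 NET10 destination static NET10 NET10 no-proxy-arp route-lookup
"""

# Twice NAT: source is "real mapped", destination is "mapped real".
NAT_RE = re.compile(
    r"nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
    r"source static (?P<src_real>\S+) (?P<src_mapped>\S+) "
    r"destination static (?P<dst_mapped>\S+) (?P<dst_real>\S+)")
OBJ_RE = re.compile(r"object network (\S+)\n\s*subnet (\S+) (\S+)")


def parse(config):
    """Return (objects, rules) from 'object network' and twice-NAT lines."""
    objects = {name: ipaddress.ip_network(f"{net}/{mask}")
               for name, net, mask in OBJ_RE.findall(config)}
    rules = [m.groupdict() for m in NAT_RE.finditer(config)]
    return objects, rules


def evaluate(config, in_if, src, dst):
    """Classify a flow against the static twice-NAT rules (simplified model)."""
    objects, rules = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["real_if"] != in_if:
            continue
        # Both the source and the destination must fall inside the rule's objects.
        if src in objects[r["src_real"]] and dst in objects[r["dst_mapped"]]:
            identity = (r["src_real"] == r["src_mapped"]
                        and r["dst_mapped"] == r["dst_real"])
            return "identity (NAT exempt)" if identity else "translated"
    return "no match (falls through to other NAT rules)"


if __name__ == "__main__":
    for s, d in [("10.1.1.10", "10.190.1.10"), ("10.1.1.10", "8.8.8.8")]:
        print(s, "->", d, ":", evaluate(CONFIG, "TRPS-Inside", s, d))
```

In this model a 10.x-to-10.190.x flow entering TRPS-Inside keeps both addresses unchanged, so the rule itself rewrites nothing for that traffic.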
09-20-2019 12:02 PM