Solved: Clarification about NAT

devsaiyan · ‎09-19-2019

Greetings!,

Hope you guys doing good.

In my organization, I have following NAT rule configured.

nat (TRPS-Inside,any) source static NET10 NET10 destination static NET10 NET10 no-proxy-arp route-lookup

I am not able to understand its significance as I am still new to ASA.

Here are some of the details.

ASA 5550//asa917-32-k8.bin

TRPS-Inside: This is the inside zone where most of the users are and they access internet mainly.

object network NET10
subnet 10.0.0.0 255.0.0.0

Now all the inside users also have IP in subnet 10.x.x.0/24

so with this IP scheming I am not sure what above rule is doing...

The thing is that, I have configured any4 any4 on interface TRPS-Inside but I am still not able to ping/reach any other local lan subnet say 10.190.x.x

Security rules and routes look good.

Any insight will be greatly helpful.

Regards,

Rahul

balaji.bandi · ‎09-19-2019

nat (TRPS-Inside,any) source static NET10 NET10 destination static NET10 NET10 no-proxy-arp route-lookup

The above statement means NAT Exempted.

Can you post the configuration which was not working?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎09-19-2019

nat (TRPS-Inside,any) source static NET10 NET10 destination static NET10 NET10 no-proxy-arp route-lookup

The above statement means NAT Exempted.

Can you post the configuration which was not working?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎09-19-2019

Hello,

make sure you have:

same-security-traffic permit intra-interface

same-security-traffic permit inter-interface

configured on the ASA.

As for the NAT entry,I think it is the same as 'nat 0 access-list', which in its converted form means static twice NAT, and means NAT exemption.

devsaiyan · ‎09-20-2019

Thank you for your input.