Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
1
Replies

Nat Exempt in ASA 9.1

srikanth ath
Level 4
Level 4

‎02-18-2015 08:40 AM - edited ‎03-07-2019 10:43 PM

Hello Need help on Nat exempt.

I'm looking to configure a nat exempt for couple of Hosts in X-DMZ to any interface. so, what would be the correct way in 9.1 version of ASA.

 

object-group network Sensors

  network-object host 10.14.X.X

 network-object host 10.14.X.X

1.  nat ( X-DMZ ,any) source static Sensors Sensors destination static any any description nat exempt

                                                              or

2. nat exempting for each of the interfaces

 nat (X-DMZ, Leveraged) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, Inside) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, Outside) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, VDMZ) source static Sensors Sensors destination static any any description nat exempt

nat (X-DMZ, AND) source static Sensors Sensors destination static any any description nat exempt

 

Below are the security levels applied.

Cisco Adaptive Security Appliance Software Version 9.1(3) context.

 

ASA# sh nameif
Interface                                Name                              Security
Outside                                    Outside                         0
Inside                                        Inside                      100
TenGigabitEthernet1/1.X    Leveraged                      50
TenGigabitEthernet1/1.Y     AND                              50
TenGigabitEthernet1/3.Z     X-DMZ                           40
TenGigabitEthernet1/3.L     VDMZ                             60

 

Thanks in advance

Labels:
0 Helpful
1 Reply 1

cosmin.mateescu
Level 1
Level 1

‎02-21-2015 11:20 AM

I think both are valid (starting  ASA 8.3 and newer)

You can find the sintax here:  http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_objects.html 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card