Hello Need help on Nat exempt.
I'm looking to configure a nat exempt for couple of Hosts in X-DMZ to any interface. so, what would be the correct way in 9.1 version of ASA.
object-group network Sensors
network-object host 10.14.X.X
network-object host 10.14.X.X
1. nat ( X-DMZ ,any) source static Sensors Sensors destination static any any description nat exempt
or
2. nat exempting for each of the interfaces
nat (X-DMZ, Leveraged) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, Inside) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, Outside) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, VDMZ) source static Sensors Sensors destination static any any description nat exempt
nat (X-DMZ, AND) source static Sensors Sensors destination static any any description nat exempt
Below are the security levels applied.
Cisco Adaptive Security Appliance Software Version 9.1(3) context.
ASA# sh nameif
Interface Name Security
Outside Outside 0
Inside Inside 100
TenGigabitEthernet1/1.X Leveraged 50
TenGigabitEthernet1/1.Y AND 50
TenGigabitEthernet1/3.Z X-DMZ 40
TenGigabitEthernet1/3.L VDMZ 60
Thanks in advance