09-10-2014 05:25 AM
Friends,
Can anyone help me?
How do I configure "no nat" in version 8.4(4) of the ASA?
Example:
Local network: 192.168.135.0/24
Remote Network: 192.168.137.0/24
Before:
# access-list Nonat extended permit ip 192.168.135.0 255.255.255.0 192.168.137.0 255.255.255.0
#nat (inside) 0 access-list Nonat
How do I apply these same settings in version 8.4(4) of the ASA?
When entering the command "nat (inside) 0 access-list Nonat":
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
Is this correct?
#object network network-local
#subnet 192.168.135.0 255.255.255.0
#object network network-remote
#subnet 192.168.137.0 255.255.255.0
#nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp
#nat (outside,inside) source static rede-remota rede-remota destination static rede-local rede-local no-proxy-arp
09-10-2014 06:18 AM
You typically need only one NAT for that:
nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp route-lookup
The other direction (outside,inside) is not needed. Depending on the rest of your setup you need to add the keyword "route-lookup".
And you should read Jouni's very excellent document on ASA 8.3+ NAT:
09-10-2014 09:53 AM
Thank you, Karsten Iwen.
After configuring and testing, I will report whether I succeeded.
09-10-2014 07:39 AM
Also add route-lookup at the end of the NAT statement if it is version 8.4 and above.
nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp route-lookup
09-10-2014 07:53 AM
Also note the mismatch between the object names configured and the object names used in the nat statement.
HTH
Rick
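Added example, not part of the thread or of any Cisco tooling: a small offline check that reads ASA 8.3+ configuration text and reports identity (no-NAT) rules that reference undefined network objects or lack the keywords recommended in the replies above. The function name, the regular expressions and the sample text (built from the configuration posted in the question) are assumptions made for this illustration.

```python
import re

# Constructed sample: the objects and the first NAT rule as posted in the
# question (objects defined in English, referenced in Portuguese).
SAMPLE_CONFIG = """\
object network network-local
 subnet 192.168.135.0 255.255.255.0
object network network-remote
 subnet 192.168.137.0 255.255.255.0
nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp
"""

OBJECT_RE = re.compile(r"^object(?:-group)? network (\S+)", re.M)
NAT_RE = re.compile(
    r"^nat \((\S+?),(\S+?)\) source static (\S+) (\S+)"
    r" destination static (\S+) (\S+)(.*)$", re.M)

def lint_identity_nat(config):
    """Return (nat_line, problem) tuples for twice-NAT rules in config text."""
    defined = set(OBJECT_RE.findall(config))
    findings = []
    for m in NAT_RE.finditer(config):
        line = m.group(0)
        names = set(m.group(3, 4, 5, 6))
        options = m.group(7).split()
        # Every object used by the rule must be defined ("any" is a keyword).
        for name in sorted(names - defined - {"any"}):
            findings.append((line, f"undefined object: {name}"))
        # Identity NAT: real and mapped objects are the same on both sides.
        if m.group(3) == m.group(4) and m.group(5) == m.group(6):
            for kw in ("no-proxy-arp", "route-lookup"):
                if kw not in options:
                    findings.append((line, f"missing keyword: {kw}"))
    return findings

if __name__ == "__main__":
    for line, problem in lint_identity_nat(SAMPLE_CONFIG):
        print(f"{problem}\n    {line}")
```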
09-10-2014 09:55 AM
Thank you, Raja and Richard.
After configuring and testing, I will report whether I succeeded.