cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
903
Views
0
Helpful
5
Replies
Highlighted
Beginner

nat (inside) 0

Friends,

Can anyone help me?

How do I configure "no nat" in version 8.4(4) of the ASA?

Example:

Local network: 192.168.135.0/24
Remote Network: 192.168.137.0/24

Before:

# access-list extended permit ip Nonat 192.168.135.0 255.255.255.0 192.168.137.0 255.255.255.0
#nat (inside) 0 access-list Nonat

How do these same settings in version 8.4(4) of the ASA?

When entering command "nat (inside) 0 access-list Nonat"
ERROR: This syntax of nat command Has Been deprecated.
Please refer to "help nat" command for more details.

 

Is this correct?

 

#object network network-local

     #subnet 192.168.135.0 255.255.255.0

#object network network-remote

     #subnet 192.168.137.0 255.255.255.0

#nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp

#nat (outside,inside) source static rede-remota rede-remota destination static rede-local rede-local no-proxy-arp

Everyone's tags (1)
5 REPLIES 5
Highlighted
VIP Mentor

You typically need only one

You typically need only one NAT for that:

nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp route-lookup

The other direction (outside,inside) is not needed. Depending on the rest of your setup you need to add the keyword "route-lookup".

And you should read Jounis very excellent document on ASA 8.3+ NAT:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Highlighted
Beginner

Thank you, Karsten Iwen.After

Thank you, Karsten Iwen.

After configuring and testing, I inform if I succeeded.

Highlighted

Also add route-lookup at the

Also add route-lookup at the end of the NAT statement if it is version 8.4 and above.

nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxyarp route-lookup

Highlighted
Hall of Fame Master

Also note the mismatch

Also note the mismatch between the object names configured and the object names used in the nat statement.

 

HTH

 

Rick

HTH

Rick
Highlighted
Beginner

Thank you, Raja.After

Thank you, Raja and Richard.

After configuring and testing, I inform if I succeeded.