Cisco ASA NAT Exemption (post version 8.3)

Networking
Tristan SelfLeave a Comment on Cisco ASA NAT Exemption (post version 8.3)

The changes to the ASA IOS post version 8.3 changes the way that NAT works. NAT Exemption is normally used to disable translation for certain addresses e.g. for VPN tunnelling.

So for this example below you create an access-list containing the IP addresses that are to be exempted from NAT. So say these are the site to site VPN addresses where 192.168.0.0/24 is the A end, and 172.31.0.0 255.255.255.0 is the B end.

# access-list NAT_EXEMPT extended permit ip 192.168.0.0 255.255.255.0 172.31.0.0 255.255.255.0

# nat (inside) 0 access-list NAT_EXEMPT

This basically says traffic going through the firewall from 192.168.0.0/24 to 172.31.0.0/24 through the firewall should not be NATTed.

Related Posts

Enable RPR Route Processor Redundancy on Cisco 4500 Series Switch

Tristan Self

Extreme Networks Port Mirroring (Spanning) for Packet Capturing

Tristan Self

Bandwidth and Link Quality Testing with “IPerf”

Tristan Self

Leave a Reply

Your email address will not be published. Required fields are marked *