NAT exempt

Unanswered Question
Jul 4th, 2007
User Badges:


Can somebody explain the difference between the commands:

static (inside,dms) netmask


nat (inside) 0 access-list NoNat

access-list NoNat permit ip any

After Updating from 7.x to 8.x the second command doesn't work anymore. Because there was no translation group.

Kind regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 07/05/2007 - 05:49
User Badges:
  • Blue, 1500 points or more

access-list NoNat will cause ALL traffic from to not be NAT'ed, no matter where its going.

your static NAT entry will only cause to not get NAT'ed if it's going to the dmz interface, otherwise it is subject to other nat (inside) rules.


This Discussion