NAT exempt

Unanswered Question
Jul 4th, 2007
User Badges:

Hello,


Can somebody explain the difference between the commands:


static (inside,dms) 10.1.0.0 10.1.0.0 netmask 255.255.0.0


and


nat (inside) 0 access-list NoNat

access-list NoNat permit ip 10.1.0.0 255.255.0.0 any


After Updating from 7.x to 8.x the second command doesn't work anymore. Because there was no translation group.


Kind regards,

Martien


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Thu, 07/05/2007 - 05:49
User Badges:
  • Blue, 1500 points or more

access-list NoNat will cause ALL traffic from 10.1.0.0/16 to not be NAT'ed, no matter where its going.

your static NAT entry will only cause 10.1.0.0/16 to not get NAT'ed if it's going to the dmz interface, otherwise it is subject to other nat (inside) rules.


Actions

This Discussion