
NAT Exemption

amit.secure1
Level 1

Hi Experts,

I have two interfaces, dmz (security level 90) and wan (security level 60). I have two NAT exemption rules:

nat (dmz) 0 0.0.0.0 0.0.0.0

nat (wan) 0 0.0.0.0 0.0.0.0

I have one other static NAT rule:

static (dmz,wan) 10.10.10.10 10.10.10.10

When I try to remove this NAT rule, I lose the connection from wan.

After adding the same static rule again, I get the connection from wan to dmz.

Please revert with a proper solution to exempt NAT.

Thanks in advance.

Amit

5 Replies

andrew.prince
Level 10

Amit,

A better way of doing what you are trying to achieve is policy-based NAT, something like:

nat (dmz) 0 access-list DMZ_WAN

access-list DMZ_WAN extended permit ip <> <>

What hardware are you running? What version of code are you running?

HTH.

Is nat-control enabled?

Yes, nat-control is enabled.

I believe if you do a no nat-control then you won't need any NAT statements, because you are trying to push traffic from DMZ to wan, which is a lower security level, and with nat-control not enabled that traffic will not get NAT'd anyway.

Thanks for your reply.

Now I have got another major solution that is not documented on the Cisco site. I am taking confirmation from Cisco for the same changes.

Now I am closing this conversation.