I'm configuring a FWSM with 3.1(6) and need some help regarding NAT on the outside interface.
I'd like to know if it's possible to use nat-exemption on the outside interface without using a static as I'll be using the statics to translate from a global ip to a local one. So I'd have something like this:
nat (outside) 0 access-list nonat outside
access-list nonat permit 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0
So I could then, for example make a static translation such as:
static (inside,outside) 192.168.0.5 10.10.0.1 netmask 255.255.255.255
I'm trying that now but can't get any access unless I add an additional static such as:
static (inside,outside) 10.10.0.0 10.10.0.0 netmask 255.255.0.0
Does that make sense? What am I doing wrong?
Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.