Solved: NAT 0 on Outside Interface FWSM

anthony.baker · ‎04-08-2009

Hey guys,

I'm configuring a FWSM with 3.1(6) and need some help regarding NAT on the outside interface.

I'd like to know if it's possible to use nat-exemption on the outside interface without using a static as I'll be using the statics to translate from a global ip to a local one. So I'd have something like this:

nat (outside) 0 access-list nonat outside

access-list nonat permit 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0

So I could then, for example make a static translation such as:

static (inside,outside) 192.168.0.5 10.10.0.1 netmask 255.255.255.255

I'm trying that now but can't get any access unless I add an additional static such as:

static (inside,outside) 10.10.0.0 10.10.0.0 netmask 255.255.0.0

Does that make sense? What am I doing wrong?

Thanks,

Anthony

Jon Marshall · ‎04-08-2009

Anthony

Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.

Jon

View solution in original post

Jon Marshall · ‎04-08-2009

Anthony

Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.

Jon

anthony.baker · ‎04-08-2009

Hi Jon,

Perfect - I didn't know it worked like that!

Cheers for the help

Anthony