04-08-2009 05:48 AM - edited 03-11-2019 08:16 AM
Hey guys,
I'm configuring a FWSM with 3.1(6) and need some help regarding NAT on the outside interface.
I'd like to know if it's possible to use nat-exemption on the outside interface without using a static as I'll be using the statics to translate from a global ip to a local one. So I'd have something like this:
nat (outside) 0 access-list nonat outside
access-list nonat permit 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0
So I could then, for example make a static translation such as:
static (inside,outside) 192.168.0.5 10.10.0.1 netmask 255.255.255.255
I'm trying that now but can't get any access unless I add an additional static such as:
static (inside,outside) 10.10.0.0 10.10.0.0 netmask 255.255.0.0
Does that make sense? What am I doing wrong?
Thanks,
Anthony
Solved! Go to Solution.
04-08-2009 06:42 AM
Anthony
Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.
Jon
04-08-2009 06:42 AM
Anthony
Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.
Jon
04-08-2009 06:52 AM
Hi Jon,
Perfect - I didn't know it worked like that!
Cheers for the help
Anthony
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide