I have an ASA 5510 (OS 7.0.2) that separates a remote access subnet from an ecommerce subnet.
What I want to implement is a configuration that says, by default, NAT from the remote access subnet is not required; however, some specific addresses need to be NAT'd.
I am thinking of implementing the following config, but I'm not certain it will work and I do not have a test environment to test in:
! By default, traffic is NAT'd to 184.108.40.206
nat (remote_access_if) 1 0.0.0.0 0.0.0.0
global (ecommerce_subnet_if) 1 220.127.116.11
! Specified traffic not to NAT
access-list NAT_EXCEPTIONS extended permit ip and 10.1.1.0 255.255.255.0
access-list NAT_EXCEPTIONS extended permit ip and 10.1.2.0 255.255.255.0
! Do not NAT specified traffic
nat (remote_access_if) 2 access-list NAT_EXCEPTIONS
global (ecommerce_subnet_if) 2 0.0.0.0
My fear is this will NAT traffic I don't want NAT'd to 0.0.0.0.
Can anyone confirm if my config is suitable to meet my objectives?