I have a ADSL router ahead of my firewall OUTSIDE INTERFACE and ADSL is doing natting for the users who are going to the internet ,i want to disable natting for internal users on my firewall, As if now i have a INTRANET connectivity from my DMZ interface to my rest branches i cannot disable nat-control,I have static natting for my internal servers which are been accessed from branch offices through INTRANET link.
When i specify access-list for full internal subnet.
access-list no-nat permit 10.10.0.0 255.25.0.0
nat (inside) 0 permit access-list exempt
IT GIVESME THE BELOW OUTPUT:
pix#(config)# nat (inside) 0 access-list exempt
ERROR: Cannot mix different types of access lists
ERROR: Access-list "exempt" does not exist
Usage: [no] nat (<if_name>) <nat_id> <local_ip> [<mask>]
[no] nat (if_name) <nat_id> access-list <acl-name>
I thought that the IP which i m using for static natting are getting mixup with nat exempt so i tried with different subnet which is not in my network but still gives me the same error.
How i can achieve the above senario can i specify more than 1 acces-list for nat 0, by exempting the ip address which i m using for static Natting