nat'ing an external network

Unanswered Question
Aug 2nd, 2010


I'm looking for some advice on a NAT issue on an ASA 5540 8.2.1.

I have a global NAT to the outside interface which NATs all the traffic from the inside to the outside interface address.

I now have a requirement to allow the network on my external interface to connect to an internal network, and the global NAT is causing me issues.

Is there any way to allow the outside network connected into the inside without translation while a global NAT for all traffic exists?

My problem is exacerbated by the fact that the external network has another firewall, an old PIX, connected to the internet as its default gateway.

Thanks to anyone taking the time to reply or read this.

If it helps, I'll gladly attach a network diagram for clarity.

Thanks again.

Nagaraja Thanthry Mon, 08/02/2010 - 17:18
User Badges:
  • Cisco Employee,


If I understand you right, you want the internal network to go to this particular external network un-natted while for everybody else, you want to use NAT. You can use either NAT-0 or identity NAT depending upon your



Panos Kampanakis Tue, 08/03/2010 - 15:32
User Badges:
  • Cisco Employee,

An example would be

access-list nonat-acl permit ip host (x is the host you don't want to nat for certain destinations).

nat ( 0 access-list nonat-acl

I hope it helps.
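
The NAT exemption suggested in the replies above, written out as an added example for ASA 8.2 syntax; it is not configuration from either poster. The interface names `inside` and `outside`, the ACL name `outside_in`, and every address are assumptions constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   10.1.1.0/24      internal network
!   192.168.50.0/24  network on the external interface
!   10.1.1.20        internal host the external network must reach

! Existing global PAT: all inside traffic is translated to the
! outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! NAT exemption: traffic matching this ACL is left untranslated.
! "nat 0 access-list" is evaluated before the "nat 1" rule above,
! so the global PAT keeps applying to everything else.
access-list nonat-acl extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat-acl

! Exemption removes the translation only; it does not permit
! connections initiated from the lower-security outside interface.
! Allow just the host and port that are required rather than the
! whole internal network.
access-list outside_in extended permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.20 eq 443
access-group outside_in in interface outside

! Checks from exec mode (shown as comments, not configuration):
!   show running-config nat
!   packet-tracer input outside tcp 192.168.50.10 1025 10.1.1.20 443
```

If an ACL is already applied inbound on the outside interface, add the permit entry to that ACL instead, since `access-group` binds only one ACL per interface and direction.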


