03-13-2012 01:19 PM - edited 03-11-2019 03:41 PM
We have a 5520 ASA which allows external users access to resources on our internal LAN network. The resources that access is needed to are on 192.168.x.x subnets. These subnets cannot be routed across our WAN links. All of our external sites are on 10.x.x.x subnets and are routable across all our WAN links. We are in the process of migrating the servers from 192.168.x.x to a 10.x.x.x address so we can take the ASA out in the near future. The problem I am having is we want to give access to servers on a 10.115.50.0/24 subnet but not NAT the traffic. What would be the rule that would allow access to 10.115.50.0/24 from 10.94.198.0/25 without any NATting but still keep my rules that NAT traffic to the 192.168.x.x?
Apologies if this is easy to do, but I am not a firewall expert. Thanks for looking and responding.
Sent from Cisco Technical Support iPad App
03-13-2012 03:24 PM
Did you try adding a NAT Exempt Rule? With this option you can specify the source and destination network that will be exempted from NAT.
Sent from Cisco Technical Support iPad App
03-13-2012 03:29 PM
Do you have an example I can use, please?
Sent from Cisco Technical Support iPhone App
03-13-2012 03:30 PM
Are you configuring in CLI or ASDM?
Sent from Cisco Technical Support iPad App
03-13-2012 03:34 PM
Example:
access-list inside_nat0_outbound line 12 extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
Sent from Cisco Technical Support iPad App
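The exemption from the reply above, filled in with the subnets from the original question, as an added example that is not from any poster in the thread. The interface names inside and outside, the object names, and the placement of the 10.115.50.0/24 servers behind inside are assumptions; the thread does not state the ASA software version, so both syntaxes are shown and only one applies.

```cisco
! Added example. Assumed: servers 10.115.50.0/24 are behind "inside",
! users 10.94.198.0/25 arrive on "outside". Use ONE of the two forms.
!
! --- ASA software before 8.3: NAT exemption (nat 0 + access-list) ---
! Source = local (real) network, destination = remote network.
! If the ACL already exists, this entry is appended to it.
access-list inside_nat0_outbound extended permit ip 10.115.50.0 255.255.255.0 10.94.198.0 255.255.255.128
! Binds the ACL as the exemption list; it is checked before other NAT rules,
! so traffic that does not match it still hits the existing 192.168.x.x NAT.
nat (inside) 0 access-list inside_nat0_outbound
!
! --- ASA software 8.3 and later: identity (twice) NAT ---
object network SERVERS-10-115-50
 subnet 10.115.50.0 255.255.255.0
object network USERS-10-94-198
 subnet 10.94.198.0 255.255.255.128
! Real and mapped objects are the same, so nothing is translated.
! Line 1 places the rule ahead of the other manual NAT rules.
nat (inside,outside) 1 source static SERVERS-10-115-50 SERVERS-10-115-50 destination static USERS-10-94-198 USERS-10-94-198
!
! Check which NAT rule and ACL a flow hits (constructed hosts and ports):
packet-tracer input outside tcp 10.94.198.10 12345 10.115.50.20 443
```

The exemption only skips translation. The access-list applied to the interface the users arrive on still has to permit 10.94.198.0/25 to 10.115.50.0/24, and is best limited to the ports the servers actually need.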
03-13-2012 03:38 PM
From CLI
Thanks
Sent from Cisco Technical Support iPhone App