I have this problem. I manage a remote datacenter network from an ASA outside interface.
The same host must be accessed from outside by customers by its natted IP address (200.x.x.1) and, at the same time, by staff by its real IP (10.x.x.1) "AND" by its natted address. Until now no problem, I thought. I created a static nat and a nat exemption this way (10.x.50.0/24 is the staff network):
access-list NO-NAT extended permit ip host 10.x.2.1 10.x.50.0 255.255.255.0
I tried like you said. But it did not work. The problem is that when I ping the address 200.x.x.1, in the inbound direction the echo-request packet gets translated by the second rule, but the echo-reply in the opposite direction was translated by the first rule. Again, asymmetric NAT.