I'm using NAT exemption, and the following line is in my config:
access-list NONAT line 2 extended permit ip 10.128.0.0 255.255.0.0 10.45.0.0 255.255.0.0 (hitcnt=0) 0xb08b2a3b
From a host on the 10.128.0.0/16 (10.128.100.75), I can't get out. It's trying to route through that interface, but I'm getting the above error. The device in the DMZ is a special device that creates a tunnel to a remote vendor. I'm not sure if they are NATing for me or not. Should I let NAT happen for the 10.128.0.0 subnet to the 10.45.127.0 subnet?
The 10.45.127.0 subnet is the private side of this device.
If so, can I include it in the NAT exemption ACL like this:
permit ip x.x.x.x x.x.x.x y.y.y.y y.y.y
deny ip 10.128.0.0 255.255.0.0 10.45.137.0 255.255.255.0
permit ip 10.128.0.0 255.255.0.0 10.45.0.0 255.255.0.0
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...