07-31-2013 04:56 PM - edited 03-11-2019 07:19 PM
Hi Everyone,
Below is from the Cisco Learning Network site
Referring to the Cisco ASA NAT configuration below
object network one
subnet 10.1.1.0 255.255.255.0
!
object network two
subnet 192.168.1.0 255.255.255.0
!
nat (inside,outside) source static one one destination static two two
Need to understand how below answer is correct?
This is an example of Cisco ASA 8.3 manual NAT to implement NAT exemption.
Regards
Mahesh
07-31-2013 05:14 PM
Hi Mahesh,
Yes, the above configuration achieves a NAT0 type configuration in the new 8.3+ ASA software.
In the 8.2 and older software we used an ACL to tell the ASA between which networks there should be no translation to the source address.
The above configuration could correspond to the following on the 8.2 software
access-list INSIDE-NAT0 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list INSIDE-NAT0
And as you have already mentioned the 8.3+ format is
object network one
subnet 10.1.1.0 255.255.255.0
object network two
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static one one destination static two two
In the new format you see the same things as you saw in the older format using ACL. It tells between which interfaces this NAT applies. It also tells between which source and destination networks this applies.
Now let's look at the above "nat" statement in all of its parts
And the key things to notice from the configuration.
I am not really sure if I explained the above in the best way I could. Hope it makes some sense.
- Jouni
07-31-2013 05:14 PM
Exactly,
As you are basically natting One to One when going to Two. And at the same time Two is being natted to Two.
So no changes on the IP header will occur.
Check my blog at http:laguiadelnetworking.com for further information.
Cheers,
Julio Carvajal Segura
07-31-2013 05:26 PM
And to further add to my above explanation,
The above NAT0 configuration will be matched WHEN
The latter 2 points above just indicate which section of the "nat" configuration is matched against the traffic depending behind which interface the traffic is coming from.
- Jouni
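Added example, not part of the thread and not Cisco code: a small Python model of the `nat` statement discussed above, showing that when the real and mapped objects are identical, matched packets keep their addresses in both directions, while traffic to other destinations does not match this rule at all. The helper names and sample host addresses are constructed for illustration, and the model covers only this one statement form, not the ASA's full NAT engine.

```python
import ipaddress
import re

# Added illustration (helper names are hypothetical). Config as quoted in the thread.
CONFIG = """\
object network one
 subnet 10.1.1.0 255.255.255.0
object network two
 subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static one one destination static two two
"""

NAT_RE = re.compile(r"nat \((\w+),(\w+)\) source static (\S+) (\S+) "
                    r"destination static (\S+) (\S+)")
# Manual NAT order: source is real then mapped, destination is mapped then real.
FIELDS = ("real_if", "mapped_if", "src_real", "src_mapped", "dst_mapped", "dst_real")

def parse(config):
    """Return (objects, rule) from 'object network' blocks and one nat line."""
    objects, rule, name = {}, None, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "network"]:
            name = tok[2]
        elif tok[:1] == ["subnet"]:
            objects[name] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[:1] == ["nat"]:
            rule = dict(zip(FIELDS, NAT_RE.match(line.strip()).groups()))
    return objects, rule

def remap(addr, old, new):
    """Static NAT: keep the host offset, swap the network prefix."""
    return new.network_address + (int(addr) - int(old.network_address))

def translate(objects, rule, in_if, src, dst):
    """Return (src, dst) after NAT, or None when the rule is not matched."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    net = lambda key: objects[rule[key]]
    if in_if == rule["real_if"]:      # inside -> outside
        s_old, s_new, d_old, d_new = net("src_real"), net("src_mapped"), net("dst_mapped"), net("dst_real")
    elif in_if == rule["mapped_if"]:  # outside -> inside (static rules work both ways)
        s_old, s_new, d_old, d_new = net("dst_real"), net("dst_mapped"), net("src_mapped"), net("src_real")
    else:
        return None
    if src not in s_old or dst not in d_old:
        return None
    return str(remap(src, s_old, s_new)), str(remap(dst, d_old, d_new))

OBJECTS, RULE = parse(CONFIG)
```

Calling `translate(OBJECTS, RULE, "inside", "10.1.1.25", "192.168.1.7")` returns the same pair of addresses it was given; a `None` result means the packet is left for whatever other NAT rules exist on the device.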
07-31-2013 05:42 PM
Hi Jouni,
Another great answer from you.
I will go through your replies in more detail.
Best regards
Mahesh