Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

NAT 0 on Outside Interface FWSM

Hey guys,

I'm configuring a FWSM with 3.1(6) and need some help regarding NAT on the outside interface.

I'd like to know if it's possible to use nat-exemption on the outside interface without using a static as I'll be using the statics to translate from a global ip to a local one. So I'd have something like this:

nat (outside) 0 access-list nonat outside

access-list nonat permit 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0

So I could then, for example make a static translation such as:

static (inside,outside) 192.168.0.5 10.10.0.1 netmask 255.255.255.255

I'm trying that now but can't get any access unless I add an additional static such as:

static (inside,outside) 10.10.0.0 10.10.0.0 netmask 255.255.0.0

Does that make sense? What am I doing wrong?

Thanks,

Anthony

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: NAT 0 on Outside Interface FWSM

Anthony

Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.

Jon

2 REPLIES
Hall of Fame Super Blue

Re: NAT 0 on Outside Interface FWSM

Anthony

Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.

Jon

Community Member

Re: NAT 0 on Outside Interface FWSM

Hi Jon,

Perfect - I didn't know it worked like that!

Cheers for the help

Anthony

142
Views
0
Helpful
2
Replies
CreatePlease to create content