Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT exempt

Hello,

Can somebody explain the difference between the commands:

static (inside,dms) 10.1.0.0 10.1.0.0 netmask 255.255.0.0

and

nat (inside) 0 access-list NoNat

access-list NoNat permit ip 10.1.0.0 255.255.0.0 any

After Updating from 7.x to 8.x the second command doesn't work anymore. Because there was no translation group.

Kind regards,

Martien

  • Firewalling
1 REPLY
Gold

Re: NAT exempt

access-list NoNat will cause ALL traffic from 10.1.0.0/16 to not be NAT'ed, no matter where its going.

your static NAT entry will only cause 10.1.0.0/16 to not get NAT'ed if it's going to the dmz interface, otherwise it is subject to other nat (inside) rules.

217
Views
0
Helpful
1
Replies
This widget could not be displayed.