Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Nat's and Nat Exempts on ASA 8.4, I'm only use to 8.2.

Hello,

I've been use to managing our ASA's on firmware 8.2, however we have got a couple of ASA's on firmware 8.4 for a new project and the NAT area especially in the ASDM is very different now, I feel like I know nothing.  On these new ASA's on 8.4 that will be in active/standy mode I will be creating a sub interfaces off these by attaching a 3750 and I wondered how the NAT exempts will work, as normally I will have to use exempts as I don't want the source IP to change when going from one interface to another in certain situations and this setup described works well on 8.2, but how can I do this on 8.4 as I don't even see the option for creating NAT exempts, looks like a different world?

Thanks

3 REPLIES

Nat's and Nat Exempts on ASA 8.4, I'm only use to 8.2.

Check these Documents out ..... NAT & ACL setup is same from 8.3 onwards ...

https://supportforums.cisco.com/docs/DOC-9129

https://supportforums.cisco.com/docs/DOC-21602

Manish

Hall of Fame Super Silver

Nat's and Nat Exempts on ASA 8.4, I'm only use to 8.2.

Actually it's very straightforward in ASDM (and like it should have been in the first place in cli).

Here is an example in both formats:

nat (outside,any) source static destination static DM_INLINE_NETWORK_4 DM_INLINE_NETWORK_4

object-group network DM_INLINE_NETWORK_4

network-object object DMZ_network

network-object object phonenet

network-object object servernet

network-object object usernet

New Member

Nat's and Nat Exempts on ASA 8.4, I'm only use to 8.2.

Thanks for this the image helps alot, what does the rule look like if you edit it in the ASDM?

Also for example if I need a NAT exempt on someone on the inside interface that needs to get to DMZ4, what woudl the ASDM look like and woudl the CLI look like this?

nat (inside,DMZ4) after-auto source static Andy Andy destination static test test

object network Andy
host 192.168.44.11
object network test
host 172.26.5.100

460
Views
0
Helpful
3
Replies
CreatePlease login to create content