02-15-2012 02:13 PM - edited 03-11-2019 03:30 PM
Hello,
I've been used to managing our ASAs on firmware 8.2; however, we have got a couple of ASAs on firmware 8.4 for a new project, and the NAT area, especially in the ASDM, is very different now. I feel like I know nothing. On these new ASAs on 8.4, which will be in active/standby mode, I will be creating subinterfaces off these by attaching a 3750, and I wondered how the NAT exempts will work, as normally I will have to use exempts because I don't want the source IP to change when going from one interface to another in certain situations. This setup works well on 8.2, but how can I do this on 8.4, as I don't even see the option for creating NAT exempts? It looks like a different world.
Thanks
02-15-2012 03:50 PM
Check these Documents out ..... NAT & ACL setup is same from 8.3 onwards ...
https://supportforums.cisco.com/docs/DOC-9129
https://supportforums.cisco.com/docs/DOC-21602
Manish
02-15-2012 05:53 PM
Actually it's very straightforward in ASDM (and like it should have been in the first place in the CLI).
Here is an example in both formats:
nat (outside,any) source static
object-group network DM_INLINE_NETWORK_4
network-object object DMZ_network
network-object object phonenet
network-object object servernet
network-object object usernet
02-16-2012 12:47 AM
Thanks for this, the image helps a lot. What does the rule look like if you edit it in the ASDM?
Also, for example, if I need a NAT exempt for someone on the inside interface who needs to get to DMZ4, what would the ASDM look like, and would the CLI look like this?
nat (inside,DMZ4) after-auto source static Andy Andy destination static test test
object network Andy
host 192.168.44.11
object network test
host 172.26.5.100
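As an added example (not code from the thread or from Cisco), this Python sketch rewrites 8.2-style `nat 0 access-list` exemptions as 8.3+ identity twice-NAT rules, generalizing the single host-to-host case asked about above to subnets. The 8.2 sample config, the generated object names, the `DMZ5` interface and the destination-to-interface map are constructed assumptions.

```python
import ipaddress
import re

# Constructed 8.2-style input (not from the thread): exemption via "nat 0" plus an ACL.
SAMPLE_82 = """\
access-list NONAT extended permit ip host 192.168.44.11 host 172.26.5.100
access-list NONAT extended permit ip 192.168.44.0 255.255.255.0 172.26.6.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
# Assumption: which interface each destination sits behind. 8.2 "nat 0" never
# names the egress interface; 8.3+ twice NAT does. DMZ5 is hypothetical.
DEST_IFACE = {"172.26.5.0/24": "DMZ4", "172.26.6.0/24": "DMZ5"}

ADDR = r"(host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"^access-list (\S+) extended permit ip {ADDR} {ADDR}$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")

def to_net(spec):
    # "host A" -> A/32, "A MASK" -> A/MASK
    kind, value = spec.split()
    return ipaddress.ip_network(f"{value}/32" if kind == "host" else f"{kind}/{value}")

def obj_lines(net):
    name = f"obj-{net.network_address}-{net.prefixlen}"  # hypothetical naming scheme
    body = (f" host {net.network_address}" if net.prefixlen == 32
            else f" subnet {net.network_address} {net.netmask}")
    return name, [f"object network {name}", body]

def egress_iface(dst):
    for cidr, iface in DEST_IFACE.items():
        if dst.subnet_of(ipaddress.ip_network(cidr)):
            return iface
    return "any"  # unknown egress: matches every interface, review by hand

def convert(config):
    """Return object definitions followed by identity twice-NAT rules (no after-auto)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    aces, objects, rules = {}, [], []
    for m in filter(None, map(ACE.match, lines)):
        aces.setdefault(m.group(1), []).append((to_net(m.group(2)), to_net(m.group(3))))
    for m in filter(None, map(NAT0.match, lines)):
        for src, dst in aces.get(m.group(2), []):
            names = []
            for net in (src, dst):
                name, defs = obj_lines(net)
                if defs[0] not in objects:  # define each object once
                    objects += defs
                names.append(name)
            s, d = names
            rules.append(f"nat ({m.group(1)},{egress_iface(dst)}) "
                         f"source static {s} {s} destination static {d} {d}")
    return objects + rules

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE_82)))
```

The rules are emitted without `after-auto`, so they sit in section 1 of the NAT table and are evaluated before object NAT; a rule that falls back to `any` should be checked against the real interface layout before use.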