Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

No NAT problem...

I have the hosts with Public IP addresses in inside interface of ASA5510(asa 7.1(2))

When I enable NAT for that IP it can reach the Internet, but when i try to enable No NAT for that IP it can't ping Internet.

I tried.

1.Nat (inside) 0 access-list no_nat

access-list no_nat permit ip x.x.x.97 255.255.255.252 any

2. Nat (inside) 0 x.x.x.96 255.255.255.252

3.static (outside,inside) x.x.x.97 x.x.x.97 netmask

255.255.255.255

4.static (outside,inside) x.x.x.97 access-list no_nat

But it is doesn't work at all!!!

I can't no NAT the public IP.

Thanks in adv.

2 REPLIES

Re: No NAT problem...

Hi,

Are you sure your ISP is forwarding your Internal Public subnet?

Regards,

Daniel

Bronze

Re: No NAT problem...

Hello,

# 1 should work (and will take precedence over your other nat statements). Put that in your configuration, and do a clear xlate, and then .97 (that should that be .96) and the other 3 IP addresses will be allowed without translation.

Make sure you do the 'clear xlate' afterwards or it could still use the already built xlate.

If that doesn't work, please include your entire nat configuration for us to check.

--Jason

Please rate this message if it helped solve some/all of your issue.

167
Views
0
Helpful
2
Replies
CreatePlease to create content