Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

No Natting

i don't want translate inside network segment (172.31.20.0/24). I want it to be able to communicate with outside segment(172.16.54.0/24). How should i configure?

 

     (172.16.54.0/24) outside<<<<firewall>>>>inside (172.31.20.0/24)

                          

1 REPLY

Hi, If you are using ASA 8.2

Hi,

 

If you are using ASA 8.2 or before releases.... then you need to do configure like this.

 

access-list nonat extended permit ip  172.31.20.0 255.255.255.0 172.16.54.0 255.255.255.0

nat (inside) 0 access-list nonat

!

 

sameway if the 172.16.54.0 subnet is on another site, which is behing a FW... then in that firewall also they should do the nonat , required in case of site to site

access-list nonat extended permit ip  172.16.54.0 255.255.255.0 172.31.20.0 255.255.255.0

nat (inside) 0 access-list nonat

!

If you are running 8.3 + version of ASA OS, then here you get

object network lan

subnet 172.31.20.0 255.255.255.0

object lan destination

172.16.54.0 255.255.255.0

!

nat (inside,outside) source static lan lan destination static destination destination no-proxy-arp

!

on the other site.

object network destination

subnet 172.31.20.0 255.255.255.0

object lan lan

172.16.54.0 255.255.255.0

!

nat (inside,outside) source static lan lan destination static destination destination no-proxy-arp

 

Regards

Karthik

 

12
Views
0
Helpful
1
Replies