New Member

trouble with removing NAC and letting traffic through


I have a simple network setup that once had a NAT setup on it. I am trying to remove it so the IP from the inside is the same when it goes past the outside interface. It was originally set up with a global NAT and static entries. I removed the NAT and left the static entries. As long as I have the static entry translating it from one subnet to the other, the traffic gets through (example: static (inside,outside) netmask ). But when I adjust the static statement to reflect the same IP ( static (inside,outside) netmask ), the traffic does not get to the router. I have tried removing the static route altogether and it does not do any good either. I tried using an Identity NAT statement, but that did not seem to work with the static (using the same IP; if I had the statement set to translate like in the first example it worked) or without. Since I am very new to working with Firewalls and I did not set this up, I want to run this by some more professional eyes. Below is the entire FW configuration. If you need more information, please ask. If you need the router config I can post it, but I really think it is a Firewall problem and it has to do with going between 2 different subnets (inside and outside interfaces). I need to set it up so the IP from inside is retained when it goes past the outside interface. Any help would be appreciated.



Firewall configuration

ASA Version 7.0(8)


hostname Firewall1

enable password iMImA2JOC1SD encrypted

passwd 2KFQnbNIdI. encrypted





interface Ethernet0/0

duplex full

nameif outside

security-level 0

ip address


interface Ethernet0/1

nameif inside

security-level 100

ip address


interface Ethernet0/2


no nameif

no security-level

no ip address


interface Management0/0

nameif management

security-level 100

ip address



ftp mode passive

access-list acl_out extended permit ip any any

access-list acl_in extended permit ip any any

pager lines 24

logging enable

logging timestamp

logging monitor notifications

logging buffered debugging

logging trap informational

logging asdm informational

logging host inside

logging debug-trace

mtu outside 1500

mtu inside 1500

mtu management 1500

icmp permit any outside

asdm image disk0:/asdm-508.bin

no asdm history enable

arp timeout 14400

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

static (inside,outside) netmask

access-group acl_out in interface outside

access-group acl_in in interface inside

route outside PERIM-RTR 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http inside

http inside

http inside

http management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

  inspect dns maximum-length 512

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect icmp


service-policy global_policy global

Cisco Employee


Hi Glenn,

What does the output of 'show ip route' on the router give you?

