A "NAT 0" means no NAT-ing is happening. This entry is used for the IPsec connection defined in the configuration. The nat command with access list lets you exempt traffic that is matched by the access-list command statements from the NAT services.
Yup, it's clear, and now I know why my VPN used to stop and disconnect when I remove this line.
What I want to do is remove this line, as I cannot use PDM to configure my PIX. So is there a workaround, and do I have to live with it? Basically, we are establishing a VPN through the PIX to a VPN concentrator on the other side.
PDM will not allow this and put you into monitor mode. What you need to do (which is a better configuration method anyway) is separate the ACLs with the following:
access-list nonat permit ip 10.x.x.x 192.168.x.x
nat (inside) 0 access-list nonat
access-list 100 permit ip 10.x.x.x 192.168.x.x
crypto map mymap 10 match address 100
This separates your crypto and your nonat ACLs. When you only have one IPSec peer then a lot of people do use the same ACL for both, which is fine, but as you've seen it makes PDM barf. Separating the two ACLs is much better because if at some point later you add a second, third, etc. IPSec peer, you simply add a new encryption ACL for the new traffic, and add that to your existing nonat ACL.
I hope this helps and please rate post if it does.
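The separation described in the answer above can be checked mechanically. The following is an added example, not part of the original posts and not a Cisco tool: a small Python audit that flags an ACL shared between `nat 0` and a crypto map, and crypto ACL entries that were never added to a nonat ACL. The function name `audit`, the sample addresses and masks, and the exact-text comparison of ACL entries are assumptions made for illustration.

```python
import re

# PIX 6.x style lines; only "permit ip" ACL entries are considered.
ACL_RE = re.compile(r"^access-list (\S+) (permit ip .+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")
CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")

# Constructed sample: one ACL doing both jobs (the setup PDM rejects).
SHARED = """\
access-list 100 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map mymap 10 match address 100
"""

# Constructed sample: second peer added, nonat ACL not updated for it.
MISSING_EXEMPT = """\
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list 100 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map mymap 10 match address 100
crypto map mymap 20 match address 101
"""

def audit(config):
    """Return findings as tuples; an empty list means the ACLs are cleanly split."""
    acls, nonat, crypto = {}, set(), {}
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), set()).add(m.group(2))
        elif m := NAT0_RE.match(line):
            nonat.add(m.group(1))
        elif m := CRYPTO_RE.match(line):
            crypto[(m.group(1), int(m.group(2)))] = m.group(3)
    # Every entry exempted from NAT by any "nat 0" ACL.
    exempt = set().union(*(acls.get(name, set()) for name in nonat))
    findings = []
    for (cmap, seq), acl in sorted(crypto.items()):
        if acl in nonat:
            findings.append(("shared-acl", acl, cmap, seq))
            continue
        # Crypto traffic with no matching NAT exemption (exact-text comparison).
        for entry in sorted(acls.get(acl, set()) - exempt):
            findings.append(("not-exempt", acl, entry))
    return findings

if __name__ == "__main__":
    for name, cfg in (("SHARED", SHARED), ("MISSING_EXEMPT", MISSING_EXEMPT)):
        print(name, audit(cfg))
```

Appending the missing `192.168.2.0` entry to the `nonat` ACL in the second sample clears its finding.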