Cisco Support Community
Community Member

Understanding NAT

Hi

I've got the following NAT config set up on our firewall, but I'm having difficulty understanding what it means. Could someone please explain what is happening here:

access-list nonat-dmz extended permit ip host Private_Host 10.0.0.0 255.0.0.0
access-list nonat-inside extended permit ip 10.0.0.0 255.0.0.0 host Private_Host
access-list nat-inside extended permit ip object-group Direct-Internet any
global (outside) 1 x.x.x.x
nat (inside) 0 access-list nonat-inside
nat (inside) 1 access-list nat-inside
nat (dmz) 0 access-list nonat-dmz

Thanks in advance

Dan

1 REPLY
Community Member

Re: Understanding NAT

Hello dan,

Basically you have what is called "NAT exemption".

When the condition on the access-lists nonat-dmz and nonat-inside matches, the firewall lets the traffic go out without translation; this is commonly used for VPN interesting traffic. The other one, nat (inside) 1 access-list nat-inside,

is called Policy NAT, and basically it is going to translate the matching condition defined on the access-list nat-inside into the public address or range defined on global (outside) 1 x.x.x.x.

Here is the command reference for PIX/ASA 7.2.2; please check the nat and static statements, it has a really good explanation of how the firewall handles the translations:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/index.htm
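As an added example (not part of the original thread), a small Python script that reads the poster's nat, global and access-list lines and states what each nat statement does, flagging any ACL or global pool that is referenced but never defined. The config is embedded as a constructed sample copied from the post; Private_Host, Direct-Internet and x.x.x.x are taken as-is from it.

```python
import re

# Constructed sample: the NAT-related lines from the post above (ASA/PIX 7.x syntax).
SAMPLE_CONFIG = """
access-list nonat-dmz extended permit ip host Private_Host 10.0.0.0 255.0.0.0
access-list nonat-inside extended permit ip 10.0.0.0 255.0.0.0 host Private_Host
access-list nat-inside extended permit ip object-group Direct-Internet any
global (outside) 1 x.x.x.x
nat (inside) 0 access-list nonat-inside
nat (inside) 1 access-list nat-inside
nat (dmz) 0 access-list nonat-dmz
"""

ACL_RE = re.compile(r"^access-list (\S+) ")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) access-list (\S+)")


def explain_nat(config):
    """Classify each 'nat (if) N access-list ACL' line: id 0 is NAT exemption
    (matching traffic is not translated); any other id is policy NAT to the
    global pool(s) with that id. Dangling ACL/pool references are flagged."""
    acls, pools, nats = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(line)
        elif m := GLOBAL_RE.match(line):
            pools.setdefault(int(m.group(2)), []).append(f"{m.group(3)} on ({m.group(1)})")
        elif m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2)), m.group(3)))
    findings = []
    for iface, nat_id, acl in nats:
        entry = {"interface": iface, "id": nat_id, "acl": acl,
                 "acl_defined": acl in acls, "aces": acls.get(acl, [])}
        if nat_id == 0:
            entry["kind"] = "exemption"
            entry["effect"] = "matching traffic leaves untranslated"
        else:
            entry["kind"] = "policy"
            targets = pools.get(nat_id)
            entry["effect"] = (f"matching traffic is translated to {', '.join(targets)}"
                               if targets else f"no global pool with id {nat_id} is defined")
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in explain_nat(SAMPLE_CONFIG):
        print(f"nat ({f['interface']}) {f['id']} via {f['acl']}: {f['kind']} NAT, {f['effect']}")
```

The same check run over a full running config will also surface a policy NAT whose global pool was removed, which on this platform leaves the matching traffic with no translation at all.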
