Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1762
Views
0
Helpful
5
Replies

nat (inside) 0

crenatovb.vix
Level 1
Level 1

‎09-10-2014 05:25 AM

Friends,

Can anyone help me?

How do I configure "no nat" in version 8.4(4) of the ASA?

Example:

Local network: 192.168.135.0/24
Remote Network: 192.168.137.0/24

Before:

# access-list extended permit ip Nonat 192.168.135.0 255.255.255.0 192.168.137.0 255.255.255.0
#nat (inside) 0 access-list Nonat

How do these same settings in version 8.4(4) of the ASA?

When entering command "nat (inside) 0 access-list Nonat"
ERROR: This syntax of nat command Has Been deprecated.
Please refer to "help nat" command for more details.

 

Is this correct?

 

#object network network-local

     #subnet 192.168.135.0 255.255.255.0

#object network network-remote

     #subnet 192.168.137.0 255.255.255.0

#nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp

#nat (outside,inside) source static rede-remota rede-remota destination static rede-local rede-local no-proxy-arp

Labels:
0 Helpful
5 Replies 5

Karsten Iwen
VIP
VIP

‎09-10-2014 06:18 AM

You typically need only one NAT for that:

nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxy-arp route-lookup

The other direction (outside,inside) is not needed. Depending on the rest of your setup you need to add the keyword "route-lookup".

And you should read Jounis very excellent document on ASA 8.3+ NAT:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

0 Helpful

crenatovb.vix
Level 1
Level 1
In response to Karsten Iwen

‎09-10-2014 09:53 AM

Thank you, Karsten Iwen.

After configuring and testing, I inform if I succeeded.

0 Helpful

Raja Periyasamy
Level 1
Level 1

‎09-10-2014 07:39 AM

Also add route-lookup at the end of the NAT statement if it is version 8.4 and above.

nat (inside,outside) source static rede-local rede-local destination static rede-remota rede-remota no-proxyarp route-lookup

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Raja Periyasamy

‎09-10-2014 07:53 AM

Also note the mismatch between the object names configured and the object names used in the nat statement.

 

HTH

 

Rick

HTH

Rick
0 Helpful

crenatovb.vix
Level 1
Level 1
In response to Raja Periyasamy

‎09-10-2014 09:55 AM

Thank you, Raja and Richard.

After configuring and testing, I inform if I succeeded.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents