As we all know Cisco`s new ASA version 8.3 brings massive changes in NAT. This article describes and explains how NAT exemption (no NAT) is now configured.
Below provides examples of both pre and post 8.3 no NAT configurations.
- Local LAN – 192.168.0.0/24
- Remote LAN – 220.127.116.11/24
- Traffic is arriving on the inside interface and leaving the outside interface.
Pre 8.3 a access-list was configured to define the source network and destination network. This access-list is then referenced in a NAT 0 statement to ensure all traffic traveling from the local LAN to the remote LAN is not NAT`d.
access-list NO-NAT permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0 nat (inside) 0 access-list NO-NAT
Within 8.3 and later the networks are defined as objects via the use of object groups. These object groups are then referenced within the NAT statement to define both the pre and post NAT (real / mapped) addresses.
object network LOCAL_LAN subnet 192.168.0.0 255.255.0.0
object network REMOTE_LAN
subnet 172.16.0.0 255.255.0.0
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_LAN REMOTE_LAN
To make things clearer you can see the structure of the NAT statement below.
nat (real interface,mapped interface) source static [real_object] [mapped_object] destination s tatic [real_object] [mapped_object]
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial