[AusNOG] Cisco ASA question
Patrick Cole
z at amused.net
Thu Apr 3 14:51:56 EST 2014
Alex,
If I understand correctly, you maybe want a NAT exemption for the /32?
http://www.fir3net.com/Cisco-ASA/cisco-asa-83-no-nat-nat-exemption.html
Pat
Thu, Apr 03, 2014 at 03:25:46AM +0000, Alex Samad - Yieldbroker wrote:
> Hi
>
> I have a Cisco ASA question for the list.
>
> I have a 5520 (cluster)
>
> int Internet
> int internal
>
> on the internet I have my dGW to the internet, I also have my own class c, lets say 1.2.3.0/24
>
> I have a few object nat's defined for 1.2.3.x/24
>
> I am going to start moving the NAT function away from the ASA.
>
> I have a router inside my network with 1.2.3.129/32 on a look back interface and its advertised internally via OSPF. It can be seen on the ASA
>
> >From my reading I believe I can get the ASA to forward and not nat for .129 if I use Identity NAT
>
> But I can't find any examples for mixed Object NAT and identity NAT
> And I am not sure the identity NAT will respond to ARP on the internet interface
> And I presume I have to add the right permit.
>
> I asked at the cisco forums, but the only person to respond said I couldn't do the /32 trick ...
>
> So I am come to the list
>
> Thanks in advance
>
> Alex
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list