Is there a simpler way of stopping NAT for specific interfaces on an ASA5505?

- A
- Andrew Hodgson
  
  Contact options for registered users
posted
15 years ago

Thu, Apr 16, 2009 7:08 PM

Hi,

Currently I have a DMZ interface, and a LAN interface which is on

192.168.1.0.

I have the following command in the firewall to allow traffic to flow between the DMZ and inside interface without NAT:

static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

Now, I have some other subnets on the inside network, and I want to observe the no NAT with those as well for traffic on the DMZ. I could list out all the networks, or use a larger subnet mask, but my question is: Is this the best way of doing this?

Thanks. Andrew.

Loading thread data ...

- B
- bod43
  
  Contact options for registered users
Vote on answer
posted
15 years ago

Fri, Apr 17, 2009 1:32 AM

I am far from a pix expert (may only have done one or two from scratch) but I think that you define the addresses that you do not want to nat with the

nat 0 !

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.