How to configure policy NAT on ASA 5520


To allow access from an internal segment to the demilitarized zone (DMZ), configure NAT on the Adaptive Security Appliance (ASA).

To leave the packet untranslated and ensure that NAT is bypassed, configure a no-NAT statement with an access control list (ACL). Do this when the administrator does not want translation to occur.

This is called NAT exemption (the nat 0 access-list command). NAT exemption allows both translated and remote hosts to initiate connections. As with identity NAT, translation for a host is not limited to specific interfaces; NAT exemption must be used for connections through all interfaces.

NAT exemption does, however, let you specify the real and destination addresses when determining which real addresses to translate (similar to policy NAT), so NAT exemption gives greater control. Unlike policy NAT, though, NAT exemption does not consider the ports in the ACL.
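The difference between the two, as an added example that is not part of the original article: NAT exemption from an inside segment to the DMZ, next to a policy NAT rule that matches on a port. It assumes the pre-8.3 ASA syntax that the nat 0 access-list command belongs to; the interface names (inside, dmz), the ACL names, the NAT ID and all addresses are constructed for illustration.

```cisco
! --- NAT exemption: inside segment -> DMZ, addresses left untranslated ---
! The ACL names the real (source) and destination networks.
! Match on "ip" only: NAT exemption does not consider ports in the ACL.
access-list INSIDE_DMZ_NONAT extended permit ip 192.168.10.0 255.255.255.0 172.16.20.0 255.255.255.0

! NAT ID 0 combined with an access-list is what makes this NAT exemption.
! Hosts on either side of the matched flow can initiate connections.
nat (inside) 0 access-list INSIDE_DMZ_NONAT

! --- Policy NAT, for contrast: the ACL may also match a destination port ---
! Only inside hosts talking to the DMZ web server (constructed address)
! on TCP/80 are translated by this rule.
access-list INSIDE_DMZ_WEB extended permit tcp 192.168.10.0 255.255.255.0 host 172.16.20.80 eq www

! Dynamic policy NAT: matched traffic is translated to the DMZ interface
! address (PAT). NAT ID 10 ties the nat and global statements together.
nat (inside) 10 access-list INSIDE_DMZ_WEB
global (dmz) 10 interface

! --- Checks after applying the configuration ---
! Confirm the rules as stored in the running configuration.
show running-config nat
show running-config access-list INSIDE_DMZ_NONAT
! Inspect the translations currently in use.
show xlate
```

Keep the exemption ACL as narrow as the traffic requires: NAT exemption permits initiation from both sides, so the interface access rules remain the control that decides which connections are actually allowed.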

