
How to configure policy NAT on ASA 5520

To gain access from one internal segment to the Demilitarized Zone (DMZ), configure NAT on the Adaptive Security Appliance (ASA).

To preserve the packet and ensure that NAT is bypassed, a no nat statement with an Access Control List (ACL) must be configured. This is done when the administrator does not want NAT to occur.

This is called NAT exemption (the nat 0 access-list command). NAT exemption allows both translated and remote hosts to initiate connections. As with identity NAT, translation for a host is not limited to specific interfaces; NAT exemption must be used for connections through all interfaces.

NAT exemption does, however, allow the real and destination addresses to be specified when determining the real addresses to translate (similar to policy NAT), so there is greater control with NAT exemption. Unlike policy NAT, NAT exemption does not consider the ports in the ACL.
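
The following audit script is an added example, not part of the original howto. It reads an ASA configuration, finds each nat 0 access-list rule, and flags exemption ACLs that name a protocol or port (which NAT exemption does not consider) or that have no address scoping. The ACL names, interface names and addresses in the sample are constructed, and the finding labels are assumptions of this example.

```python
import re

# Constructed sample (ASA "nat 0 access-list" syntax); all names and addresses are made up.
SAMPLE_CONFIG = """\
access-list NONAT_DMZ extended permit ip 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list NONAT_WEB extended permit tcp 10.1.2.0 255.255.255.0 host 172.16.1.10 eq 80
access-list NONAT_ALL extended permit ip any any
nat (inside) 0 access-list NONAT_DMZ
nat (lab) 0 access-list NONAT_WEB
nat (mgmt) 0 access-list NONAT_ALL
nat (inside) 1 10.1.0.0 255.255.0.0
"""

NAT_EXEMPT = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
ACE = re.compile(r"^access-list (\S+) extended (?:permit|deny) (\S+) (.+)$", re.M)
PORT_OPS = re.compile(r"\b(?:eq|lt|gt|neq|range)\b")


def audit_nat_exemption(config):
    """Return (interface, acl, finding) tuples for each NAT exemption rule."""
    aces = {}
    for name, proto, rest in ACE.findall(config):
        aces.setdefault(name, []).append((proto, rest.strip()))

    findings = []
    for iface, acl in NAT_EXEMPT.findall(config):
        if acl not in aces:
            findings.append((iface, acl, "ACL_MISSING"))
            continue
        for proto, rest in aces[acl]:
            # NAT exemption does not consider ports, so a protocol or port in
            # the ACE suggests the author expected per-port behaviour.
            if proto != "ip" or PORT_OPS.search(rest):
                findings.append((iface, acl, "PORTS_NOT_CONSIDERED"))
            # Review heuristic added here: the rule has no address scoping.
            if rest == "any any":
                findings.append((iface, acl, "EXEMPTS_ALL_TRAFFIC"))
    return findings


if __name__ == "__main__":
    for finding in audit_nat_exemption(SAMPLE_CONFIG):
        print(*finding)
```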
