ASA NAT command explanation?
Robbo777
Hi, can someone run through this command with me? I'm well versed in what NAT is etc... It's the actual command I'm interested in:
ASA1(config)# object network LAN
ASA1(config-network-object)# subnet 192.168.1.0 255.255.255.0
ASA1(config)# object network VPN_POOL
ASA1(config-network-object)# subnet 192.168.10.0 255.255.255.0
ASA1(config)# nat (INSIDE,OUTSIDE) source static LAN LAN destination static VPN_POOL VPN_POOL
I'm assuming it's a NAT exemption rule used to stop the translation of VPN remote access traffic back out the ASA outside interface. What I'm trying to wrap my head around is the actual layout of the command.
This is what I see it as.... If I receive an address from the LAN subnet on the inside interface then translate it (or don't) going out the outside interface.
Why is the "LAN" object inserted twice along with VPN_POOL?
Why is the source "static" as opposed to dynamic?
It doesn't look like any "denying" is done anywhere, so why aren't the addresses translated?
Cheers, the NAT command on the ASA has always confused me
This is NAT 8.3 and above by the way
Comments
txraider09
This is a “No NAT” statement. The way that it’s written, it is going from Inside to Outside. The reason the objects are inserted twice is because you are not translating the address. So it’s basically saying from LAN to VPN_POOL, translate it to make it look like from LAN to VPN_POOL. Hence the “No Nat”
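An added example, not part of the original thread and not Cisco code: a small Python model of how the rule from the post is evaluated, showing why listing each object twice (real, then mapped) gives an identity translation and why no "deny" is needed when the first matching rule wins. The `DynamicPat` rule and the 203.0.113.1 address are assumptions added for contrast, and the model reduces ASA behaviour to first-match over an ordered rule list.

```python
import ipaddress as ip
from dataclasses import dataclass

@dataclass(frozen=True)
class TwiceNat:
    """nat (INSIDE,OUTSIDE) source static SRC_REAL SRC_MAPPED
       destination static DST_MAPPED DST_REAL"""
    src_real: ip.IPv4Network
    src_mapped: ip.IPv4Network
    dst_mapped: ip.IPv4Network
    dst_real: ip.IPv4Network

    @staticmethod
    def _remap(addr, old, new):
        # Static NAT is one-to-one: keep the host offset, swap the network.
        return new.network_address + (int(addr) - int(old.network_address))

    def translate(self, src, dst):
        """INSIDE->OUTSIDE packet: translated (src, dst), or None if no match."""
        if src not in self.src_real or dst not in self.dst_mapped:
            return None
        return (self._remap(src, self.src_real, self.src_mapped),
                self._remap(dst, self.dst_mapped, self.dst_real))

@dataclass(frozen=True)
class DynamicPat:
    """Hypothetical catch-all (not on the page): hide src_real behind one address."""
    src_real: ip.IPv4Network
    pat_address: ip.IPv4Address

    def translate(self, src, dst):
        return (self.pat_address, dst) if src in self.src_real else None

def apply_nat(rules, src, dst):
    """First matching rule wins; an unmatched packet leaves untranslated."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for rule in rules:
        result = rule.translate(src, dst)
        if result is not None:
            return tuple(str(a) for a in result)
    return (str(src), str(dst))

LAN = ip.ip_network("192.168.1.0/24")                 # object network LAN
VPN_POOL = ip.ip_network("192.168.10.0/24")           # object network VPN_POOL
EXEMPT = TwiceNat(LAN, LAN, VPN_POOL, VPN_POOL)       # the rule from the post
PAT = DynamicPat(LAN, ip.ip_address("203.0.113.1"))   # constructed address
```

With `[EXEMPT, PAT]`, LAN-to-VPN_POOL packets match the identity rule and leave unchanged while other traffic is hidden behind the PAT address; swapping the order lets PAT catch the VPN traffic first.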