Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
2
Replies

Double NAT

jaggallagher1
Level 1
Level 1

‎03-04-2019 10:06 AM

Right now we are using an ASA in transparent mode between our internet edge router and internal switch. I changed the config to routed mode and made the necessary changes to connect to the internet. But the ASA required me to create a NAT policy to the router and then a NAT policy on the router to the internet which caused what I believed to be double nat and caused servers to lose IP's and brought the network down. How can I get the ASA to pass traffic from the inside interface to the router without NAT? I have configured a network this way before but instead, there were 2 ASA's and 2 Routers and a full layer 3 switch. This small office only has a 2960 with limited layer 3 capabilities

0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎03-04-2019 01:14 PM

Hello,

 

not sure what you are after, NAT exemption ?

 

Here is an example:

 

object network obj_NO_NAT

subnet 192.168.1.0 255.255.255.0

object network REMOTE_NETWORK

subnet 172.16.0.0 255.255.0.0

nat (inside,ouside) source static obj_NO_NAT obj_NO_NAT destination static REMOTE_NETWORK REMOTE_NETWORK

 

Any traffic from 192.168.1.0 to 172.16.0.0 would not be natted.

0 Helpful

Alan Ng'ethe
Level 3
Level 3

‎03-04-2019 07:33 PM

With newer ASAs you should be able to route between interfaces directly without having to use nat. You only need complete route tables and interface or global acls. What's your topology and config like?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card