03-04-2019 10:06 AM
Right now we are using an ASA in transparent mode between our internet edge router and internal switch. I changed the config to routed mode and made the necessary changes to connect to the internet. But the ASA required me to create a NAT policy to the router and then a NAT policy on the router to the internet, which caused what I believed to be double NAT and caused servers to lose IPs and brought the network down. How can I get the ASA to pass traffic from the inside interface to the router without NAT? I have configured a network this way before, but there were 2 ASAs and 2 routers and a full layer 3 switch. This small office only has a 2960 with limited layer 3 capabilities.
03-04-2019 01:14 PM
Hello,
Not sure what you are after. NAT exemption?
Here is an example:
object network obj_NO_NAT
 subnet 192.168.1.0 255.255.255.0
object network REMOTE_NETWORK
 subnet 172.16.0.0 255.255.0.0
nat (inside,outside) source static obj_NO_NAT obj_NO_NAT destination static REMOTE_NETWORK REMOTE_NETWORK
Any traffic from 192.168.1.0 to 172.16.0.0 would not be natted.
03-04-2019 07:33 PM
With newer ASAs you should be able to route between interfaces directly without having to use NAT. You only need complete route tables and interface or global ACLs. What's your topology and config like?
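The routed, no-NAT layout described in the reply above, as an added example that is not part of the thread or any poster's configuration: the ASA only routes, and the edge router holds the return route and the single NAT. All addresses, interface names and the ACL name are constructed assumptions.

```cisco
! ---- ASA (routed mode, 8.3 or later): no nat statements at all ----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.0.0.2 255.255.255.252
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
! Default route points at the edge router (constructed transit link 10.0.0.0/30)
route outside 0.0.0.0 0.0.0.0 10.0.0.1
! Inside (100) to outside (0) is permitted by default; replies return through
! the stateful connection table. Add an interface ACL only to restrict further.

! ---- Edge router (IOS): return route plus the only NAT in the path ----
! Without this route the router has no path back to the inside subnet,
! and inside hosts lose connectivity even though the ASA forwards correctly.
ip route 192.168.1.0 255.255.255.0 10.0.0.2
!
! The NAT ACL must match the real inside subnet, since the ASA no longer
! hides it behind its outside address.
ip access-list standard NAT_INSIDE
 permit 192.168.1.0 0.0.0.255
 permit 10.0.0.0 0.0.0.3
interface GigabitEthernet0/1
 description Link to ASA outside
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
interface GigabitEthernet0/0
 description Link to ISP
 ip nat outside
ip nat inside source list NAT_INSIDE interface GigabitEthernet0/0 overload

! ---- Checks on the ASA ----
! show nat      -> should list no rules matching inside-to-outside traffic
! show route    -> default route via 10.0.0.1 present
! packet-tracer input inside tcp 192.168.1.10 12345 8.8.8.8 443
!               -> result should be "allow" with no NAT translate phase
```

Inside hosts use the ASA inside address (192.168.1.1 here) as their default gateway; the 2960 stays at layer 2.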