Cisco Systems ASA 5510 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 35 Configuring NAT (ASA 8.2 and Earlier)
Using NAT Exemption
Step 3 In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts
with real addresses that you want to exempt.
Step 4 Enter the real addresses in the Source field, or click the ... button to choose an IP address that you already
defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an
IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Note You can later specify addresses that you do not want to exempt. For example, you can specify a
subnet to exempt such as 10.1.1.0/24, but if you want to translate 10.1.1.50, then you can create
a separate rule for that address that removes the exemption.
Separate multiple real addresses by a comma.
Step 5 Enter the destination addresses in the Destination field, or click the ... button to choose an IP address
that you already defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an
IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Separate multiple destination addresses by a comma.
By default, the field shows any, which allows any destination address.
Step 6 In the NAT Exempt Direction area, choose whether you want to exempt traffic going to lower security
interfaces (the default) or to higher security interfaces by clicking the appropriate radio button.
Step 7 (Optional) Enter a description in the Description field.
Step 8 Click OK.
Step 9 (Optional) If you do not want to exempt some addresses that were included in your NAT exempt rule,
then create another rule to remove the exemption. Right-click the existing NAT Exempt rule, and choose
Insert.
The Add NAT Exempt Rule dialog box appears.
a. Click Action: Do not exempt.
b. Complete Steps 3 through 8 to complete the rule.
The No Exempt rule is added before the Exempt rule. The order of Exempt and No Exempt rules is
important. When the ASA decides whether to exempt a packet, the ASA tests the packet against each
NAT exempt and No Exempt rule in the order in which the rules are listed. After a match is found, no
more rules are checked.
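
The first-match behavior described above can be checked offline before rules are entered in ASDM. The following Python sketch is an added example, not Cisco code or ASA output: it models the Source/Destination field parsing from Steps 4 and 5 and the ordered evaluation of Exempt and No Exempt rules, and flags rules that can never match because an earlier rule already covers them. The function names, the action labels "exempt" and "no-exempt", and the sample rule lists are assumptions made for illustration, and only IPv4 is handled.

```python
import ipaddress

def parse_field(text):
    """Parse a Source/Destination field: comma-separated entries, 'any', or
    prefix/length. An address with no mask is a host, even if it ends in 0."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if item == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif "/" in item:
            nets.append(ipaddress.ip_network(item, strict=True))
        else:
            nets.append(ipaddress.ip_network(item + "/32"))
    return nets

def make_rule(action, source, destination="any"):
    """Hypothetical rule record; 'any' is the default destination (Step 5)."""
    return {"action": action, "src": parse_field(source),
            "dst": parse_field(destination)}

def decide(rules, src_ip, dst_ip):
    """Return the action of the first rule matching the packet, else None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if any(s in n for n in rule["src"]) and any(d in n for n in rule["dst"]):
            return rule["action"]  # after a match, no more rules are checked
    return None  # no NAT exempt rule matched this packet

def shadowed(rules):
    """Indexes of rules that can never match because a single earlier rule
    covers every source and destination they list (a sufficient check)."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            src_ok = all(any(n.subnet_of(e) for e in earlier["src"])
                         for n in later["src"])
            dst_ok = all(any(n.subnet_of(e) for e in earlier["dst"])
                         for n in later["dst"])
            if src_ok and dst_ok:
                hits.append(i)
                break
    return hits

# Constructed sample rule lists using the addresses from the Note in Step 4.
CORRECT = [make_rule("no-exempt", "10.1.1.50"), make_rule("exempt", "10.1.1.0/24")]
WRONG = list(reversed(CORRECT))  # No Exempt rule placed after the Exempt rule
```

With the rules in the wrong order, 10.1.1.50 matches the broader Exempt rule first and the No Exempt rule is reported as shadowed.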