Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 21 Configuring NAT
Using NAT Exemption
Note: You can later specify addresses that you do not want to exempt. For example, you can specify a subnet to exempt such as 10.1.1.0/24, but if you want to translate 10.1.1.50, then you can create a separate rule for that address that removes the exemption.
Separate multiple real addresses by a comma.
Step 5 Enter the destination addresses in the Destination field, or click the ... button to choose an IP address that you already defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Separate multiple destination addresses by a comma.
By default, the field shows any, which allows any destination address.
Step 6 In the NAT Exempt Direction area, choose whether you want to exempt traffic going to lower security interfaces (the default) or to higher security interfaces by clicking the appropriate radio button.
Step 7 (Optional) Enter a description in the Description field.
Step 8 Click OK.
Step 9 (Optional) If you do not want to exempt some addresses that were included in your NAT exempt rule, then create another rule to remove the exemption. Right-click the existing NAT Exempt rule, and choose Insert.
The Add NAT Exempt Rule dialog box appears.
a. Click Action: Do not exempt.
b. Complete steps 3 through 8 to complete the rule.
The No Exempt rule is added before the Exempt rule. The order of Exempt and No Exempt rules is important. When the security appliance decides whether to exempt a packet, the security appliance tests the packet against each NAT exempt and No Exempt rule in the order in which the rules are listed. After a match is found, no more rules are checked.
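
The first-match ordering described above, together with the host-address rule from Step 5, can be checked offline before a rule list is entered. The following Python sketch is an added example, not Cisco code or ASDM output: the function names and the (action, real, destination) tuple layout are assumptions, the rule lists are constructed, and the direction setting from Step 6 is not modeled.

```python
import ipaddress

def parse_addrs(field):
    """Parse a comma-separated address field into networks.
    'any' matches everything; an address with no mask is a host (/32)."""
    if field.strip() == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(a.strip()) for a in field.split(",")]

def decide(rules, src, dst):
    """Return (index, action) of the first rule matching the packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, real, dest) in enumerate(rules):
        if any(s in n for n in parse_addrs(real)) and \
           any(d in n for n in parse_addrs(dest)):
            return i, action          # first match wins; later rules are not checked
    return None

def covers(outer, inner):
    """True if every network in 'inner' lies inside some network in 'outer'."""
    return all(any(n.subnet_of(o) for o in parse_addrs(outer))
               for n in parse_addrs(inner))

def shadowed(rules):
    """Indexes of rules that can never match because a single earlier rule
    already covers all of their real and destination addresses."""
    return [i for i, (_, real, dest) in enumerate(rules)
            if any(covers(r, real) and covers(d, dest) for _, r, d in rules[:i])]

# Constructed rule lists (action, real addresses, destination addresses).
GOOD = [("no-exempt", "10.1.1.50", "any"),
        ("exempt", "10.1.1.0/24", "any")]
BAD = list(reversed(GOOD))  # No Exempt rule placed after the Exempt rule

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, decide(rules, "10.1.1.50", "192.0.2.10"), "shadowed:", shadowed(rules))
```

With the No Exempt rule listed second, 10.1.1.50 matches the broader Exempt rule first and the narrower rule is reported as shadowed, which is the misordering an audit of an existing rule list should flag.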