This is not correct! You cannot use DENY in NAT Exemption. Actually you must use PERMIT to subject IPs to be NAT exempt. For example, to exempt local user from network 10.1.1.0/24 from NATting you must use:
access-list NO-NAT per 10.1.1.0 255.255.255.0 6.6.0.0 255.255.0.0 nat (i) 0 access-list NO-NAT then for example nat (i) 1 0 0 global (o) 1 interface Given the above configuration, hosts from inside network going to 6.6.0.0/16will NOT be translated. Assuming you have no NAT-Control enabled, this will do the trick. Regards, Piotr 2011/12/28 n.issam <[email protected]> > Hi all , > > I need to now if we told as to configure NAT on ASA for inside user when > browsing internet we have to exempt global network from nat > for exemple : > > global network is 6.6.0.0/24 > configuration of nat > > access-list nat deny ip any 6.6.0.0 255.255.0.0 > access-list nat permit ip any any > nat (i) 1 access-list nat > global (o) 1 interface > > If this configuration is correct or we have to exempt also rfc 1918 from > nat > > BR > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
