NAT Zero (or NAT exemption) means "I don't want to perform NAT for traffic from xxx network going to yyy network".
Figure (11) NAT Zero (or) NAT Exemption
In Figure (11), outgoing traffic (both Internet and site-to-site VPN) uses the same interface.
Let's say interface gi0/0.
NAT is required for Internet access, but NOT required for the site-to-site VPN.
So, we configured:
interface gi0/0
ip address x.x.x.x x.x.x.x
ip nat outside
This applies NAT to all outgoing traffic.
Hence, we have to exclude the site-to-site VPN routes from NAT.
Below is the configuration for a Cisco router:
access-list 105 remark natting_rule
access-list 105 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.15.255
access-list 105 deny ip 10.1.2.0 0.0.0.255 192.168.2.0 0.0.15.255
access-list 105 deny ip 10.1.3.0 0.0.0.255 192.168.3.0 0.0.15.255
access-list 105 permit ip 10.1.0.0 0.0.255.255 any
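An added example (not part of the original post): a small Python evaluator for access-list 105 above that reports, per flow, whether the traffic is exempted from NAT or translated. It assumes access-list 105 is the list the router's NAT rule matches on, with the usual first-match semantics; the helper names and sample flows are constructed for illustration.

```python
import ipaddress

# ACL 105 exactly as listed in the post (remark line included).
ACL_105 = """\
access-list 105 remark natting_rule
access-list 105 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.15.255
access-list 105 deny ip 10.1.2.0 0.0.0.255 192.168.2.0 0.0.15.255
access-list 105 deny ip 10.1.3.0 0.0.0.255 192.168.3.0 0.0.15.255
access-list 105 permit ip 10.1.0.0 0.0.255.255 any
"""

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(ip, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; the remaining bits must be equal.
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(ip) & care) == (_int(base) & care)

def parse_acl(text):
    """Return (action, src, src_wildcard, dst, dst_wildcard) per permit/deny entry."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[2] not in ("permit", "deny"):
            continue  # remark or blank line
        dst, dst_wc = ("0.0.0.0", "255.255.255.255") if tok[6] == "any" else (tok[6], tok[7])
        rules.append((tok[2], tok[4], tok[5], dst, dst_wc))
    return rules

def nat_decision(rules, src_ip, dst_ip):
    """First match wins: deny = exempt from NAT, permit = translated."""
    for action, src, src_wc, dst, dst_wc in rules:
        if _matches(src_ip, src, src_wc) and _matches(dst_ip, dst, dst_wc):
            return "exempt" if action == "deny" else "translate"
    return "no-match"  # implicit deny at the end of the ACL: not translated

# Constructed sample flows (source, destination); 203.0.113.10 stands in for an Internet host.
FLOWS = [
    ("10.1.1.10", "192.168.1.20"),
    ("10.1.1.10", "203.0.113.10"),
    ("10.1.1.10", "192.168.9.5"),
    ("10.1.4.10", "192.168.1.20"),
    ("172.16.0.1", "203.0.113.10"),
]

if __name__ == "__main__":
    rules = parse_acl(ACL_105)
    for src, dst in FLOWS:
        print(f"{src:>12} -> {dst:<14} {nat_decision(rules, src, dst)}")
```

The destination wildcard 0.0.15.255 makes each deny entry cover 192.168.0.0 through 192.168.15.255, so a flow to 192.168.9.5 is exempted too. A source subnet without its own deny entry (10.1.4.0/24 here) falls through to the final permit and is translated even when the destination is a VPN network.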
On the ASA:
access-list inside_nat0_outbound line 1 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
NAT zero is used when Internet and site-to-site VPN traffic share the same interface for outgoing traffic.
for NAT, Click HERE
for site to site VPN, Click HERE