Cisco ASA NAT Exemption (post version 8.3)

posted 13 Jul 2015, 08:52 by Tristan Self
The changes to the ASA IOS post version 8.3 change the way that NAT works. NAT exemption is normally used to disable translation for certain addresses, e.g. for VPN tunnelling.

So for the example below you create an access-list containing the IP addresses that are to be exempted from NAT. So say these are the site-to-site VPN addresses where is the A end, and is the B end.

# access-list NAT_EXEMPT extended permit ip
# nat (inside) 0 access-list NAT_EXEMPT

This basically says that traffic going through the firewall from to should not be NATted.
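The `nat (inside) 0 access-list` form above is the syntax used before 8.3; from 8.3 onwards the same exemption is written as an identity ("twice NAT") rule between network objects. The following is an added example, not part of the original post: the object names, the interface names `inside`/`outside` and the subnets are constructed placeholders, not the addresses of the A and B ends referred to above.

```cisco
! Constructed example values: replace with the real A-end and B-end networks.
object network SITE_A_LAN
 subnet 10.1.1.0 255.255.255.0
object network SITE_B_LAN
 subnet 10.2.2.0 255.255.255.0
!
! Identity NAT: source and destination are each "translated" to themselves,
! so traffic from SITE_A_LAN to SITE_B_LAN leaves the firewall unmodified
! and still matches the crypto ACL for the tunnel.
! Manual NAT rules are evaluated top-down, so this rule must sit above any
! dynamic PAT rule that would otherwise catch the same inside hosts.
nat (inside,outside) source static SITE_A_LAN SITE_A_LAN destination static SITE_B_LAN SITE_B_LAN
!
! On 8.4(2) and later, "no-proxy-arp route-lookup" can be appended to the
! rule so the ASA does not proxy-ARP for the identity range and uses the
! routing table to pick the egress interface.
!
! Checks:
! Confirm the rule is present and where it sits in the manual NAT section.
show nat detail
! Simulate a flow from an A-end host to a B-end host (constructed
! addresses and ports) and read the NAT phase of the output to confirm
! the exemption rule is the one matched.
packet-tracer input inside tcp 10.1.1.10 12345 10.2.2.10 443
```

If the packet-tracer output shows the flow matching a dynamic NAT/PAT rule instead, the exemption rule is either ordered too low or its objects do not cover the hosts in question, and the traffic will not match the VPN's interesting-traffic ACL.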