ASA NAT Control

The last task in this lab seems to overlap with previous ones. It seems as though the first 2 NAT commands are not needed given the 3rd one.

Task: All other traffic from VLAN 59 should be translated with the original IP address preserved.


access-list NAT_EXEMPT permit ip host

nat (VLAN59) 0 access-list NAT_EXEMPT

nat (VLAN59) 0


        First bullet requires static NAT (so traffic can be bidirectionally initiated), second bullet requires NAT exempt (so there is no translation in the table for the traffic), the last bullet requires dynamic identity NAT (which means traffic cannot be bidirectionally established). So, while it seems to be an overlap, it is not.




  • Ok, so given this first bullet is low to high, that adds the requirement for bidirectional, right?

    So with NAT Exemption there is no translation, which is different than the other bullets, in which there is a translation but just translated to itself.

    The rest makes sense.
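The three NAT types contrasted in this thread, side by side in pre-8.3 ASA syntax. This is an added example, not the lab's solution or any poster's configuration: the addresses are constructed documentation ranges, `outside` is an assumed interface name, and `NAT_EXEMPT_EXAMPLE` is a hypothetical ACL name.

```cisco
! Added example. All addresses are constructed; "outside" is an assumed
! interface name. Only the VLAN59 interface name comes from the thread.
nat-control

! 1) Static identity NAT: a permanent xlate mapping the host to itself.
!    Because the xlate always exists, either side can initiate
!    (inbound traffic still has to be permitted by the interface ACL).
static (VLAN59,outside) 192.0.2.10 192.0.2.10 netmask 255.255.255.255

! 2) NAT exemption: traffic matching the ACL bypasses NAT entirely.
!    No xlate entry is ever built for these flows.
access-list NAT_EXEMPT_EXAMPLE extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
nat (VLAN59) 0 access-list NAT_EXEMPT_EXAMPLE

! 3) Dynamic identity NAT: everything else from VLAN59 is translated to
!    its own address. The xlate is created only when a VLAN59 host opens
!    a connection, so hosts on the other side cannot initiate first.
nat (VLAN59) 0 0.0.0.0 0.0.0.0

! Evaluation order in pre-8.3 code: NAT exemption, then static NAT,
! then dynamic NAT. The catch-all in (3) therefore only sees traffic
! that (1) and (2) did not already match.

! Check which flows hold a translation:
!   show xlate
!   show running-config nat
!   show running-config static
```

In `show xlate`, the static host is listed at all times, hosts matched by the dynamic identity rule appear only after they have sent traffic, and exempted flows never appear.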

