We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 536 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


308 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Notable Replies

  1. pbyrne says:

    Excellent article Rene, have Cisco included the no-proxy-arp as implied on nat statements in the 9.x code ?

    this seemed to cause problems on 8.3 code with the Asa Arping for the internal web/mail server


  2. Hi Paul,

    Proxy arp can be a pain sometimes but I think the default since 8.4 is to have it enabled on the ASA. It is enabled on my ASA 9.5:

    ASA1# sh run all sysopt | i proxy
    no sysopt noproxyarp OUTSIDE
    no sysopt noproxyarp INSIDE

    ASA1(config)# show version | incl Version
    Cisco Adaptive Security Appliance Software Version 9.5(1)201 
    Device Manager Version 7.5(1)


  3. Hi Rene,

    Thank you for your Article , its very good and simple to understand. I need your help to know how to configure the same thing But if ASA has a version 8.2 , i means the version with it Before 8.4 that you have do it in your example. Per my understanding its totally different and more complicated.

    Would you mind please give me a summary about that with a simple example.

    Thank you

  4. Hi Sinan,

    Glad to hear you like it. I probably won't do this example for 8.2 as it might take some time and 8.2 is pretty old by now.


  5. Hi Rene,

    I have the following NAT Rule and I've broken it down the way you did in your example:

    nat (Outside,Outside) source static MITH-PROD_1 NAT_MIRTH_PROD_1 destination static RWJBH_Rawway_NAT RWJBH_NewBrunswick

    • (Outside,Outside): we are translating traffic from the outside that is going to the outside, this is the hairpinning part/u turn nat.
    • source static MIRTH-PROD_1 NAT_MIRTH_PROD_1 the source of the traffic has to be host and it has to be translated to the IP address of, this will be
    • destination static RWJBH_RAAY_NAT RWJBH_NEWBRUNSWICK: the destination of the traffic is and it has to be translated to customers real addresses.

    The part I'm having a little confusion on is the destination part. Can you help clear this portion up in a simple way that is easy to understand?


Continue the discussion forum.networklessons.com

6 more replies