Cisco Cisco ASA 5585-X with No Payload Encryption 설치 가이드

Starting in version 8.4(2), identity NAT now performs proxy ARP and uses the NAT configuration to 
determine the egress interface by default. To maintain the functionality that was in 8.3(1), 8.3(2), and 
8.4(2), proxy ARP is disabled, and a route lookup is performed to determine the egress interface using 
the new keywords. If you want to enable proxy ARP (a rare requirement) or use the NAT configuration 
to determine the egress interface, you must manually remove the keyword(s) after migration.

If the unidirectional keyword is present (for example, from an original migration of NAT exemption 
rules to 8.3(2) or 8.4(1)), then the keyword is removed.

 lists static identity NAT migration examples.

Static object 
NAT

object network obj-10.1.1.6

host 10.1.1.6

nat (inside,outside) static 10.1.1.6 

object network obj-10.1.1.6

host 10.1.1.6

nat (inside,outside) static 10.1.1.6 no-proxy-arp route-lookup

Static twice 
NAT with 
unidirectional

nat (inside,any) source static any any destination static obj-192.168.90.0-01 

obj-192.168.90.0-01 unidirectional

nat (inside,any) source static any any destination static obj-192.168.90.0-01 

obj-192.168.90.0-01 no-proxy-arp route-lookup

Static twice 
NAT

nat (inside,any) source static obj-10.1.2.0 obj-10.1.2.0

nat (dmz,outside) source static obj-10.1.2.0 obj-10.1.2.0

nat (inside,any) source static obj-10.1.2.0 obj-10.1.2.0 no-proxy-arp route-lookup

nat (dmz,outside) source static obj-10.1.2.0 obj-10.1.2.0 no-proxy-arp route-lookup

This section includes the following topics: