Cisco ASA NAT Exemption

Hi Rene and staff,
I labbed this lesson in GNS3 like this:
image
S1, S2 and S3 are built with the GNS3 appliance Networkers' Toolkit.
image
Guest-webterm is a Linux GUI client with Firefox, built with the GNS3 appliance Webterm.

My lab works fine, but I want to add these comments and questions:
1)
I prefer to name the internal subnet object “INTERNAL” rather than “INSIDE”, so as not to confuse the network object with the name (if) of the internal interface.
So the NAT configuration becomes:

  • nat (inside,outside) source static INTERNAL INTERNAL destination static LAN2 LAN2
    or
  • nat (inside,outside) source static INTERNAL INTERNAL destination static LAN1 LAN1

Could you clarify this command step by step? I am confused by the repetition of the network objects.
I am also confused by the placement of the NAT commands: why are some NAT commands inside network objects, and some others in the general config?

2)
IOS and ASA are quite different when configuring site-to-site VPN (I used to configure site-to-site VPN with IOS).
Where you used “authentication pre-share” with IOS in phase 1, you have to use tunnel-group with ASA, don't you?
image
Cisco’s help says you have to use a WORD… but this does not work when you use a word that is not the IP address of the neighbor. The configuration is accepted, but it does not work. Do you know why? So it is not working, but… suppose you use a WORD: in this case, should it be referenced in another place? Where?
Regards