Cisco ASA firewall has upgraded its command line at the version 8.3 and changed a lot of configurations from their previous style. I recently faced two cases about NO-NAT in both version and want to leave a quick note here.
An access-list is needed to filter the interested traffic. This access-list is then used in NAT 0 to ensure all traffic defined in it is not NATed.
access-list NO-NAT permit ip 188.8.131.52 255.255.255.0 184.108.40.206 255.255.255.0 nat (inside) 0 access-list NO-NAT
ASA gave up the configuration style used before for NO-NAT and mandated to use network object. Network object was introduced earlier and more flexible (Configure Object Groups), though, it was popular in configurations. The new style uses two network objects to define traffic which doesn’t need to be NATed, then render them in new NAT configuration style.
object network INSIDE subnet 220.127.116.11 255.255.0.0 object network OUTSIDE subnet 18.104.22.168 255.255.0.0 nat (inside,outside) source static INSIDE INSIDE destination static OUTSIDE OUTSIDE