ASA routing question

Answered Question
Dec 12th, 2007
User Badges:

I curious if a asa (v7.0.7) can route traffic in and out sub interfaces. Please see the attached diagram. Our ISP is handing off a 802.1q tagged ethernet connection to us. One vlan is for internet connectivity and the other is for a private lan. We have the private lan working correctly with no nat. I'll like to route all internet traffic from the 172.30.1.x network through the asa and out to the internet using as the pat address (of course this is not the real address for this discussion) I'd also like to route traffic from the 172.31.255.x network through the asa to the 172.30.1.x network.


Correct Answer by Collin Clark about 9 years 7 months ago

Maybe I'm missing something, why not just PAT as normal on the 'outside' interface?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
JPMJR7111 Wed, 12/12/2007 - 10:16
User Badges:

Is there anywhere to cover the nat/pat out the outside interface?

Correct Answer
Collin Clark Wed, 12/12/2007 - 10:26
User Badges:
  • Purple, 4500 points or more

Maybe I'm missing something, why not just PAT as normal on the 'outside' interface?

JPMJR7111 Wed, 12/12/2007 - 12:08
User Badges:

I found I had a no nat statement on the interface in question. Now I'd like to put a ACL on the interface to restrict both inbound and outbound traffic but I'm having a problem getting to work as I'd expect.

Collin Clark Wed, 12/12/2007 - 12:44
User Badges:
  • Purple, 4500 points or more

OK, lets take a look at them. Now one thing with the ASA that differs from the PIX is that ACL's can be applied inbound or outbound. For simplicity I always apply them inbound. Can you post a line two each way and we'll dissect them?

JPMJR7111 Wed, 12/12/2007 - 13:36
User Badges:

I think I'm all set now. Not sure what was going on. The strange thing is I never see a entry in the xlate table for a 172.31.253.x address to my pat address though everything is working just fine. Can anyone explain this?


This Discussion