ASA routing question

Answered Question
Dec 12th, 2007

I'm curious if an ASA (v7.0.7) can route traffic in and out of sub interfaces. Please see the attached diagram. Our ISP is handing off an 802.1q tagged Ethernet connection to us. One VLAN is for internet connectivity and the other is for a private LAN. We have the private LAN working correctly with no NAT. I'd like to route all internet traffic from the 172.30.1.x network through the ASA and out to the internet using 4.2.2.2 as the PAT address (of course this is not the real address for this discussion). I'd also like to route traffic from the 172.31.255.x network through the ASA to the 172.30.1.x network.

thanks

JPMJR7111 Wed, 12/12/2007 - 10:16

Is there anywhere to cover the nat/pat out the outside interface?

Correct Answer
Collin Clark Wed, 12/12/2007 - 10:26

Maybe I'm missing something, why not just PAT as normal on the 'outside' interface?

JPMJR7111 Wed, 12/12/2007 - 12:08

I found I had a no nat statement on the interface in question. Now I'd like to put an ACL on the interface to restrict both inbound and outbound traffic, but I'm having a problem getting it to work as I'd expect.

Collin Clark Wed, 12/12/2007 - 12:44

OK, let's take a look at them. Now one thing with the ASA that differs from the PIX is that ACLs can be applied inbound or outbound. For simplicity I always apply them inbound. Can you post a line or two each way and we'll dissect them?

JPMJR7111 Wed, 12/12/2007 - 13:36

I think I'm all set now. Not sure what was going on. The strange thing is I never see an entry in the xlate table for a 172.31.253.x address to my PAT address, though everything is working just fine. Can anyone explain this?
