
ASA routing question

JPMJR7111
Level 1

I'm curious if an ASA (v7.0.7) can route traffic in and out of sub interfaces. Please see the attached diagram. Our ISP is handing off an 802.1q tagged Ethernet connection to us. One VLAN is for internet connectivity and the other is for a private LAN. We have the private LAN working correctly with no NAT. I'd like to route all internet traffic from the 172.30.1.x network through the ASA and out to the internet using 4.2.2.2 as the PAT address (of course this is not the real address for this discussion). I'd also like to route traffic from the 172.31.255.x network through the ASA to the 172.30.1.x network.

thanks

1 Accepted Solution

Maybe I'm missing something, why not just PAT as normal on the 'outside' interface?


6 Replies

Collin Clark
VIP Alumni

Sure, you can do that. Here's a link with an example configuration. You'll need to adjust your security levels from the example.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbecc2e/0#selected_message

HTH and please rate.

Is there anywhere to cover the NAT/PAT out the outside interface?

Maybe I'm missing something, why not just PAT as normal on the 'outside' interface?

I found I had a no nat statement on the interface in question. Now I'd like to put an ACL on the interface to restrict both inbound and outbound traffic, but I'm having a problem getting it to work as I'd expect.

OK, let's take a look at them. Now one thing with the ASA that differs from the PIX is that ACLs can be applied inbound or outbound. For simplicity I always apply them inbound. Can you post a line or two each way and we'll dissect them?

I think I'm all set now. Not sure what was going on. The strange thing is I never see an entry in the xlate table for a 172.31.253.x address to my PAT address, though everything is working just fine. Can anyone explain this?
