I'm trying to disable NAT from our Linux subnet (192.168.8.0) to our DMZ (192.168.5.0) but am failing miserably.
On the IT subnet (192.168.1.0) identity NAT works perfectly, the PC of my workstation translates to itself on the DMZ. So I thought, easy enough, just mimic the 192.168.1.0 rules.
Well, I think I've pretty much done that but still to no avail. When I ssh from 192.168.8.19 to 192.168.5.23 it says I'm connected from 192.168.5.240 which is in the DMZ NAT pool.
Here is the grep on an sh xlate:
ASA5520# sh xlate | grep 192.168.8
Global 192.168.8.0 Local 192.168.8.0
Global 192.168.5.240 Local 192.168.8.19
I hope I'm missing something really obvious here.
Also, I know I say this in a lot of my posts but I really love these forums. I'm not great with PIX/ASA yet but hope to return the favor someday.
I've tried "clear xlate" multiple times and when I grep sh xlate again it shows no active translations for these subnets. When I SSH again it still uses the DMZ NAT pool.
Please implement the following commands:
no static (inside,dmz) 192.168.8.0 192.168.8.0 netmask 255.255.255.255
static (inside,dmz) 192.168.8.0 192.168.8.0 netmask 255.255.255.0
Issue was with the subnet mask in the static command. Hope that helps.
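Added example (not part of the original posts): a small Python check showing why the 255.255.255.255 mask left 192.168.8.19 outside the identity static, so it was translated from the DMZ NAT pool instead. The two static lines from the answer are embedded as constructed sample input; the function names are hypothetical, and the parser assumes the `static (real_if,mapped_if) mapped real netmask mask` form seen in the thread.

```python
import ipaddress
import re

# Constructed sample config: the two static lines quoted in the thread.
SAMPLE_CONFIG = """\
static (inside,dmz) 192.168.8.0 192.168.8.0 netmask 255.255.255.255
static (inside,dmz) 192.168.8.0 192.168.8.0 netmask 255.255.255.0
"""

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)$")


def parse_statics(config):
    """Return (real_if, mapped_if, mapped_net, real_net) for each static line."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_if, mapped_if, mapped, real, mask = m.groups()
        # strict=False: accept an address with host bits set rather than raising
        mapped_net = ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
        real_net = ipaddress.ip_network(f"{real}/{mask}", strict=False)
        rules.append((real_if, mapped_if, mapped_net, real_net))
    return rules


def identity_covers(rule, host):
    """True if the rule is an identity static whose range includes host."""
    _, _, mapped_net, real_net = rule
    return mapped_net == real_net and ipaddress.ip_address(host) in real_net


def audit(config, host):
    """List (real network, covered?) for every static line in config."""
    return [(str(r[3]), identity_covers(r, host)) for r in parse_statics(config)]


if __name__ == "__main__":
    for net, covered in audit(SAMPLE_CONFIG, "192.168.8.19"):
        print(f"{net:18} covers 192.168.8.19: {covered}")
```
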