08-05-2008 02:45 AM - edited 03-11-2019 06:25 AM
Hi,
How do I disable NAT between two networks on the same asa. Right now the NAT between my two networks 192.168.1.0/24 and 192.168.200.0/24 isn't working so I figured I could do without it.
Tried no nat-control without any luck.
Part of my config:
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address * 255.255.255.248
!
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.200.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 3
!
interface Ethernet0/6
!
interface Ethernet0/7
!
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface ftp 192.168.200.2 ftp netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group 8080_access_in in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 79.136.112.49 1
Solved! Go to Solution.
08-05-2008 02:54 AM
Robert,
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (dmz,inside) 192.168.200.0 192.168.200.0 netmask 255.255.255.0
Or you could write a policy nat depending on src & dst networks.
HTH>
08-05-2008 02:55 AM
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
08-05-2008 02:54 AM
Robert,
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (dmz,inside) 192.168.200.0 192.168.200.0 netmask 255.255.255.0
Or you could write a policy nat depending on src & dst networks.
HTH>
08-05-2008 02:55 AM
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: