Moving connection from ASA5520 DMZ to ASA5505 outside

Apr 30th, 2009

I am moving Vendor B connection from a DMZ port on Loc1ASA5520 to the outside interface on Loc25505. I believe I am duplicating the configuration. However, it does not seem to be working properly.

I have the following global NAT configured

global (outside) 1 netmask

nat (inside) 1

nat (inside) 1

nat (inside) 1

I do not have an access-list on outside since no traffic should originate from outside.

Would the outside configuration differ from a DMZ configuration?

Let me know if you need more info.

Outside is

Inside is

John Blakley Thu, 04/30/2009 - 08:41

Well, according to your outside and inside configuration, this won't work. The nat (inside) commands don't reference an address to go out on. I'm not sure what's not working, but if it's internet access, or any traffic originating from the inside, try adding:

nat (inside) 1



thomuff Thu, 04/30/2009 - 09:23

sorry is IP address on my inside interface. is my first inside host trying to access vendor network and it should translate to

John Blakley Thu, 04/30/2009 - 10:24

Ah, yeah, you could take that off and see if it works. (Although I'm sure you've done that already.) :)


thomuff Fri, 05/01/2009 - 13:17

Removing the netmask from the global NAT fixed the issue.

Thanks for your help.


