04-30-2009 08:00 AM - edited 03-11-2019 08:25 AM
I am moving the Vendor B connection from a DMZ port on Loc1ASA5520 to the outside interface on Loc25505. I believe I am duplicating the configuration. However, it does not seem to be working properly.
I have the following global NAT configured:
global (outside) 1 192.168.1.3 netmask 255.255.255.255
nat (inside) 1 192.168.2.1 255.255.255.255
nat (inside) 1 192.168.2.2 255.255.255.255
nat (inside) 1 192.168.2.3 255.255.255.255
I do not have an access-list on outside since no traffic should originate from outside.
Would the outside configuration differ from a DMZ configuration?
Let me know if you need more info.
Outside is 192.168.1.2 255.255.255.0
Inside is 192.168.2.254 255.255.255.0
04-30-2009 08:41 AM
Well, according to your outside and inside configuration, this won't work. The nat (inside) commands don't reference a 192.168.2.254 address to go out on. I'm not sure what's not working, but if it's internet access, or any traffic originating from the inside, try adding:
nat (inside) 1 192.168.2.254 255.255.255.255
HTH,
John
04-30-2009 09:23 AM
Sorry, 192.168.2.254 is the IP address on my inside interface.
192.168.2.1 is my first inside host trying to access the vendor network, and it should translate to 192.168.1.3.
04-30-2009 09:26 AM
Can you post a diagram of your topology?
04-30-2009 10:20 AM
04-30-2009 10:24 AM
Ah, yeah, you could take that off and see if it works. (Although I'm sure you've done that already.) :)
John
05-01-2009 01:17 PM
Removing the netmask from the global NAT fixed the issue.
Thanks for your help.
Tom