02-02-2010 04:38 AM - edited 03-12-2019 05:38 PM
Hello,
I have ASA 5540 with 8.0 , I want to give internet access on my some DMZ network system so what i do for it? If i do pat then what kind of PAT i do ?
02-02-2010 04:50 AM
Hello Mate,
what you want to do exactely? Permit access from the hosts in the DMZ to the internet or access from the Internet to hosts in the DMZ?
regards
alex
02-02-2010 04:59 AM
No,
I want to permit access internet On DMZ zone system.
02-02-2010 05:14 AM
Why you wanna use PAT instead of NAT?
Do the Hosts on the DMZ have RFC 1918 addressen or public adresses?
if you use RFC 1918 addresses you should create a NAT pool for the outside interface and let the hosts use the nat pool for outbound access.
global (outside) 1 interface
nat (dmz) 1 0.0.0.0 0.0.0.0
If you use public addresses you should use NAT exempt rules.
access-list dmz_nat0_outbound extended permit ip [IP Range of DMZ Zone] [Netmask of DMZ Zone] any
nat (dmz) 0 access-list dmz_nat0_outbound
cheers
Alex
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide