default route inside outside - allow internet for inside hosts

thorstenn (Level 4)

I'm frustrated that I'm not getting this working and I don't know why. I have created a default route (route outside 0 0 <outside gateway ip>) and I'm not able to connect to the internet from inside hosts. From the ASA I'm able to ping internet addresses.

I've played with NAT rules and ACLs but with no success. What is the right way to allow internet traffic if these are the interfaces:

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.254.0

Here is a sh route:

C     10.10.10.0 255.255.255.0 is directly connected, outside
C     192.168.100.0 255.255.254.0 is directly connected, inside

S*    0.0.0.0 0.0.0.0 10.10.10.1, outside

Do I need a NAT rule or any ACLs? I have tried an ACL on the inside interface with any any IP traffic...?

13 Replies

Jennifer Halim (Cisco Employee)

Both interfaces on this ASA are assigned private IP addresses, hence your next-hop router should be doing the NAT to a public IP address.

Since the ASA can ping the internet, I assume that your router already has NAT statement for the 10.10.10.0/24 subnet.

You can PAT everything from the ASA to the ASA interface as follows:

nat (inside) 1 0 0

global (outside) 1 interface

Your default gateway configured on the ASA should be configured with the router ip address:

route outside 0 0 <10.10.10.x>

I've changed the outside IP here in the forum. Assuming this is my outside IP, 188.104.20.250, and this is the gateway for the outside IP, 188.104.20.254, then is this the right way to get it working?

route outside 0 0 188.104.20.254

nat (inside) 1 0 0

global (outside) 1 interface

yes, you are absolutely correct.

And I do not need any other ACLs for that?

If you haven't configured any ACL that has been applied to inside interface, then no, you don't need any ACL.

"sh run access-group" will show you whether there is any ACL applied to any interfaces, and if there is none applied to inside interface, then you don't need to configure any specific ACL. If you have applied ACL on the inside interface, then you need to explicitly allow/permit the internet traffic.

I'm running ASA 8.3. These commands are not working.

ciscoasa(config)# nat (inside) 1 0 0
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.

ciscoasa(config)# global (outside) 1 interface
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.

What are the commands in ASA 8.3 ?

:-)

object network obj_any
   subnet 0.0.0.0 0.0.0.0
   nat (inside,outside) dynamic interface

Hmm, from outside I can reach 188.104.20.254 and 188.104.20.250, so the outside interface of the ASA is reachable.....

Something is blocking the traffic from inside to outside.... any suggestions?

FYI, I have configured one access-group for an internal sub-interface....

here it is:

access-group C3_access_in in interface C3
access-group global_access global

Ah, I think it's working now. I can reach the GW 188.104.20.254 ..... but not the ASA outside interface 188.104.20.250 from inside. How can I change this?

You won't be able to access the ASA outside interface from inside. It's not supported. From inside, you can only access the inside interface of the ASA.

Is your internal network able to access the Internet now?

You mentioned you have an access-group assigned to the internal interface; are you allowing traffic to the internet?

Yes, now it's working. But now the NO NAT rule isn't working. Wuaha... any quick suggestion? It's important, as I'm running out of time.

I have many NAT rules for different clients inside and on sub-interfaces..... nothing is working... ;(

OK, we have two external IP ranges. The first IP of one range is configured on the outside interface. The second range is routed over this range by the ISP. How can I use both IPs on the outside interface?

If the range is not routed over the other range, how could I use these IPs? It worked before on another firewall, so I think it should work on the ASA too. On the other firewall we created "aliases" on the outside interface from the other IP range.... how does this work on the ASA?

NO NAT:

- Create 2 objects, source and destination object

- Create the NAT rule from high security level to low security level


E.g.: inside - 10.10.10.0/24, IP pool: 192.168.10.0/24

NO NAT rule:

object network obj-10.10.10.0
     subnet 10.10.10.0 255.255.255.0
object network obj-192.168.10.0
     subnet 192.168.10.0 255.255.255.0

nat (inside,outside) source static obj-10.10.10.0 obj-10.10.10.0 destination static obj-192.168.10.0 obj-192.168.10.0

With 2 public ip addresses ranges, eg: outside ASA is configured with ISP 1 range, you can route the public range from ISP 2 towards the ASA outside interface on the router in front of the ASA.
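The rule ordering behind the two replies above (the ASA 8.3 object NAT dynamic PAT rule, and the twice NAT "NO NAT" exemption that must sit in front of it), as an added Python model that is not from this thread or from Cisco. It applies the documented ASA 8.3+ NAT evaluation order (section 1 manual NAT in line order, then section 2 object NAT with static rules before dynamic and smaller objects first, then section 3 manual after-auto NAT) to a few constructed flows. The inside network 192.168.100.0/23, outside address 188.104.20.250 and VPN pool 192.168.10.0/24 are taken from the thread; the second public range 203.0.113.0/24, the inside web server 192.168.100.10 and the internet host 198.51.100.1 are assumptions made for the example.

```python
"""Model of ASA 8.3+ NAT rule order for traffic leaving inside toward outside.

Constructed example; addresses marked "assumed" are not from the thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass
class NatRule:
    name: str
    section: int                    # 1 = manual NAT, 2 = object NAT, 3 = manual after-auto
    src_real: Net
    src_mapped: Optional[Net]       # None = dynamic PAT to the egress interface address
    dst_real: Optional[Net] = None  # only manual (twice) NAT can match on destination
    order: int = 0                  # line order inside sections 1 and 3

    @property
    def is_static(self) -> bool:
        return self.src_mapped is not None


def section2_key(rule: NatRule):
    # Object NAT order: static before dynamic, fewest real addresses first,
    # then lowest real address, then object name.
    return (0 if rule.is_static else 1, rule.src_real.num_addresses,
            int(rule.src_real.network_address), rule.name)


def ordered(rules: List[NatRule]) -> List[NatRule]:
    s1 = sorted((r for r in rules if r.section == 1), key=lambda r: r.order)
    s2 = sorted((r for r in rules if r.section == 2), key=section2_key)
    s3 = sorted((r for r in rules if r.section == 3), key=lambda r: r.order)
    return s1 + s2 + s3


def translate(src: str, dst: str, rules: List[NatRule],
              interface_ip: str) -> Tuple[str, Optional[str]]:
    """Return (mapped source address, name of the first matching rule)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for r in ordered(rules):
        if s not in r.src_real:
            continue
        if r.dst_real is not None and d not in r.dst_real:
            continue
        if r.src_mapped is None:            # dynamic interface PAT
            return interface_ip, r.name
        if r.src_mapped == r.src_real:      # identity (NO NAT)
            return src, r.name
        offset = int(s) - int(r.src_real.network_address)   # static one-to-one
        return str(r.src_mapped.network_address + offset), r.name
    return src, None                        # no rule: packet leaves untranslated


OUTSIDE_IF = "188.104.20.250"          # from the thread
INSIDE = Net("192.168.100.0/23")       # from the thread
VPN_POOL = Net("192.168.10.0/24")      # from the thread
INTERNET_HOST = "198.51.100.1"         # assumed

# object network obj_any / subnet 0.0.0.0 0.0.0.0 / nat (inside,outside) dynamic interface
obj_any = NatRule("obj_any", 2, Net("0.0.0.0/0"), None)
# nat (inside,outside) source static obj-inside obj-inside destination static obj-vpn obj-vpn
no_nat_vpn = NatRule("no-nat-vpn", 1, INSIDE, INSIDE, VPN_POOL, order=1)
# assumed: object network obj-web / host 192.168.100.10 / nat (inside,outside) static 203.0.113.10
web_static = NatRule("obj-web", 2, Net("192.168.100.10/32"), Net("203.0.113.10/32"))
# the tempting but wrong way to exempt the inside network: static identity object NAT
obj_inside_identity = NatRule("obj-inside", 2, INSIDE, INSIDE)


def demo() -> Dict[str, Tuple[str, Optional[str]]]:
    broken = [obj_any]
    fixed = [obj_any, no_nat_vpn, web_static]
    wrong = [obj_any, obj_inside_identity]
    return {
        "internet": translate("192.168.100.50", INTERNET_HOST, fixed, OUTSIDE_IF),
        "vpn_without_exempt": translate("192.168.100.50", "192.168.10.7", broken, OUTSIDE_IF),
        "vpn_with_exempt": translate("192.168.100.50", "192.168.10.7", fixed, OUTSIDE_IF),
        "web_server": translate("192.168.100.10", INTERNET_HOST, fixed, OUTSIDE_IF),
        "wrong_object_identity": translate("192.168.100.50", INTERNET_HOST, wrong, OUTSIDE_IF),
    }


if __name__ == "__main__":
    for case, (mapped, rule) in demo().items():
        print(f"{case:24s} -> {mapped:16s} via {rule}")
```

The wrong_object_identity case is why the exemption has to be a twice NAT rule with a destination object: a static identity object NAT for the whole inside network sorts ahead of the dynamic PAT in section 2 and exempts every flow, so internet access breaks again. The web_server case is the usual way to use an address from the second range that the ISP routes to the outside interface, once the upstream router forwards that range to the ASA as the last reply describes.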
