If I have the /30 on the outside and the /28 on the inside, how do I get the NATing from the /28 to the LAN accomplished?

You can have the ASA with the /30 on the outside and /28 on the inside.
Then, you can create NAT on the ASA using the /30 and the /28.

Even if the /28 is on the inside, you can create the NAT on the ASA with the correct routes.

Federico.

Hello.

Steve if you do not want to NAT the /28 Network (INSIDE) you can go ahead and vreate a NET exemption.

Create an ACL

Access-list NONAT per ip (Public /28 Network) any

NAT (inside) 0 access-list NONAT

With this configuration your /28 network will not be nat'ed by the ASA.

I don't know if I understand your problem

You have a public /30  network in your OUTSIDE and a Public /28 in your inside.  Is that right?

Steve.

Are you going to use the /30 network for the comunication with your ISP and the /28 Network for the NATs?

Diego,

Yes,  the /30 is for communication to the ISP.  The /28 is our useable block of public IP addresses.  The /28 needs to be NATed to the LAN (10.x.y.x/23).

Hello,

Since you are using the same ISP you can go ahead and configure the OUTSIDE with the /30 network and the /28 for the NATs. you will only need to specify One defualt route.

If you need help for the NAT let us know

Diego,

Thanks, I do need help with the NAT.  I also need a port on the ASA to be on the 10.x.y.z/23 private subnet.  Any help you can give on configuration is appreciated.

The \30 is used for the ISP's routing and is invisible to users accessing our domain.  The ISP routes through the /30 to deliver traffic to the /28 we use for our domain.  But I have to terminate our edge equipment to the /30 to get connected to the internet.

send me the current config.