ASA nat query

Unanswered Question
Nov 25th, 2011

I have an ASA 5520 running 8.4(1).


It has the following interfaces:


WAN - public IP


DMZ -  public IP


Prod - 192.168.1.X


For internet access I have the following statement:


object network Prod_Subnet_Internet

nat (Production,WAN) dynamic interface


Do I need a similar statement if hosts in the Prod network need to access hosts in the DMZ?

cadet alain Fri, 11/25/2011 - 07:58

Hi,


If DMZ hosts are not on the internet then you don't need to as by default nat-control is disabled.


Regards.


Alain

Tejas Kunte Fri, 11/25/2011 - 08:05

DMZ hosts are on the internet; they all have public IPs.

cadet alain Fri, 11/25/2011 - 08:16

Hi,


Then you need to do a NAT because private addresses are not routable on the internet.


Regards.


Alain

Tejas Kunte Fri, 11/25/2011 - 08:27

One more thing:


I am able to ping those DMZ IPs without a NAT statement.


Is ICMP handled differently?
