Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
525
Views
0
Helpful
4
Replies

ASA nat query

Tejas Kunte
Level 1
Level 1

‎11-25-2011 06:55 AM - edited ‎03-04-2019 02:24 PM

i have an ASA 5520 runnng 8.4(1)

it has the following interfaces

WAN - public IP

DMZ -  public IP

Prod - 192.168.1.X

for internet access i have the following statement

object network Prod_Subnet_Internet

nat (Production,WAN) dynamic interface

do i need a similar statement if hosts in the Prod network need to access hosts in the DMZ ?

Labels:
0 Helpful
4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

‎11-25-2011 07:58 AM

Hi,

If DMZ hosts are not on the internet then you don't need to as by default nat-control is disabled.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Tejas Kunte
Level 1
Level 1
In response to cadet alain

‎11-25-2011 08:05 AM

dmz hosts are on the internet, they all have public IPs

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Tejas Kunte

‎11-25-2011 08:16 AM

Hi,

Then you need to do a NAT because private adresses are not routeable on the internet.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Tejas Kunte
Level 1
Level 1
In response to cadet alain

‎11-25-2011 08:27 AM

1 more thing

i am able to ping those dmz ips without a nat stmt

is icmp handled differently ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card