We have an ASA connected to an external switch connecting two different networks. I have a query about whether we need to put any kind of NAT statement for traffic between the internal & external networks. The brief network flow is:
User Network > Cisco 3560 > ASA > Cisco 3750X-Core switch > Vlan 16
User Network: 172.16.20.0/24
Vlan 16: 192.168.100.0/24
On Cisco 3750X-Core, there is a default route for traffic towards 172.16.20.0/24 network. Similarly, on the 3560 there is a route for traffic towards Vlan 16 pointing to the ASA interface.
Following are the ASA 5585 details:
Inside interface: INSIDE (facing towards the 3750X Core)
Outside interface: OUTSIDE (facing towards the 3560 switch)
There is no NAT configured on the ASA & same-security traffic is permitted. Do we actually need any NAT statement between the inside & outside interfaces for this traffic to flow properly?
Appreciate all inputs.
You don't need to NAT if the 192.168.100.0/24 (and upstream networks - that static route needs to be redistributed into any dynamic routing protocols on the 3750X) can properly route to your 172.16.20.0/24 network.
I would ask if INSIDE and OUTSIDE are set to same security level, what are you actually firewalling?
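An added illustration of the two points in the reply above (not part of the original thread): an ASA configuration with no NAT statements and distinct security levels, followed by commands to confirm that traffic passes untranslated. The interface IDs, transit addresses, next hops, security levels, ACL name, permitted port and test host addresses are assumptions; only the two /24 networks and the INSIDE/OUTSIDE names come from the post.

```cisco
! Constructed example. Interface IDs, transit subnets (documentation ranges),
! next hops, ACL name and the permitted port are placeholders.
interface GigabitEthernet0/0
 nameif INSIDE
 ! Assumed: higher level on the side facing the 3750X core / Vlan 16
 security-level 100
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 nameif OUTSIDE
 ! Assumed: lower level on the side facing the 3560 / user network
 security-level 0
 ip address 198.51.100.1 255.255.255.252
!
! Routing only, no translation: each network is reached via its own side.
route INSIDE 192.168.100.0 255.255.255.0 192.0.2.2 1
route OUTSIDE 172.16.20.0 255.255.255.0 198.51.100.2 1
!
! With different security levels, user traffic entering OUTSIDE needs an
! explicit permit, so the ASA enforces policy instead of passing everything.
access-list OUTSIDE_IN extended permit tcp 172.16.20.0 255.255.255.0 192.168.100.0 255.255.255.0 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface OUTSIDE
!
! No "nat" or "object network ... nat" lines are configured. The
! "same-security-traffic permit inter-interface" command is not required
! here because the two interfaces no longer share a security level.

! Verification from privileged EXEC mode:
! 1. Confirm that no NAT rules exist.
show running-config nat
show nat detail
! 2. Simulate a user-to-Vlan-16 flow (host addresses are constructed).
!    The result should be "allow" with the addresses left unchanged.
packet-tracer input OUTSIDE tcp 172.16.20.10 50000 192.168.100.10 443 detailed
! 3. After real traffic has passed, confirm that no translations were built.
show xlate
```

Return traffic for permitted connections is allowed by the ASA's stateful inspection, so no matching ACL entry is needed on INSIDE for replies.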