Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How i do PAT on asa for Internet use on DMZ AND Inside Zone

Hello,

I have ASA 5540 with 8.0 , I want to give internet access on my some DMZ network system so what i do for it? If i do pat then what kind of PAT i do ?

3 REPLIES
New Member

Re: How i do PAT on asa for Internet use on DMZ AND Inside Zone

Hello Mate,

what you want to do exactely? Permit access from the hosts in the DMZ to the internet or access from the Internet to hosts in the DMZ?

regards

alex

New Member

Re: How i do PAT on asa for Internet use on DMZ AND Inside Zone

No,

I want to permit access internet On DMZ zone system.

New Member

Re: How i do PAT on asa for Internet use on DMZ AND Inside Zone

Why you wanna use PAT instead of NAT?

Do the Hosts on the DMZ have RFC 1918 addressen or public adresses?

if you use RFC 1918 addresses you should create a NAT pool for the outside interface and let the hosts use the nat pool for outbound access.

global (outside) 1 interface

nat (dmz) 1 0.0.0.0 0.0.0.0

If you use public addresses you should use NAT exempt rules.

access-list dmz_nat0_outbound extended permit ip [IP Range of DMZ Zone] [Netmask of DMZ Zone] any

nat (dmz) 0 access-list dmz_nat0_outbound

cheers

Alex

338
Views
0
Helpful
3
Replies