Your answer was perfect. I was connected directly to the ASA but needed the NAT statement to get through the outside interface. Somehow I must have deleted that NAT rule. I was able to ping and as soon as I connected the router everything was working.
Is there any risk to leaving the any statement or should I change to something else? I want to grant all outbound traffic from the inside interface.
In my opinion there is no big risk in leaving the command as is. Had you used the command:
nat (any,outside) dynamic interface
then you would be looking at a risk. But, as always, it is best to be as specific as possible, so removing that command from the any object and placing it under an object with a more specific subnet would be better.
Please remember to select a correct answer and rate helpful posts
Please remember to rate and select a correct answer
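The distinction drawn in the reply above can be checked mechanically against a saved configuration. The following is an added example, not code from the thread or from Cisco: it flags dynamic PAT rules whose real interface is "any" (the case the reply calls a risk) and rules attached to an object that matches every address (the case it suggests tightening). The sample configuration, object names, subnets and the "risk"/"broad" labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in "show running-config" layout; object names and
# subnets are assumptions, not values from the thread.
SAMPLE_CONFIG = """\
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
object network GUEST
 subnet 10.10.0.0 255.255.0.0
!
object network obj_any
 nat (inside,outside) dynamic interface
object network INSIDE-LAN
 nat (inside,outside) dynamic interface
object network GUEST
 nat (any,outside) dynamic interface
"""

NAT_RE = re.compile(r"nat \(([^,]+),([^)]+)\) dynamic interface\b")

def audit_dynamic_pat(config):
    """Return sorted (object, label, reason) tuples for broad dynamic PAT rules."""
    subnets, rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("object network "):
            current = line.split()[2]
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the object block
        elif current and line.startswith("subnet "):
            spec = "/".join(line.split()[1:3])  # "addr/mask" or IPv6 "prefix/len"
            subnets[current] = ipaddress.ip_network(spec, strict=False)
        elif current and (m := NAT_RE.match(line)):
            rules.append((current, m.group(1)))
    findings = []
    for name, real_if in rules:
        net = subnets.get(name)
        if real_if == "any":
            findings.append((name, "risk", "real interface is 'any'"))
        elif net is not None and net.prefixlen == 0:
            findings.append((name, "broad", "object matches every source address"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_dynamic_pat(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Only the object tied to a specific subnet on a named interface passes without a finding.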