I need some help in establishing communication between my “inside” interface and a third interface called “test” on an ASA 5510. This third interface called “test” is connected to a WatchGuard Firebox which is acting as a VPN device and has an IP address of 192.168.12.81. I have three interfaces set up on the ASA in the following fashion:
ip address xxx.xxx.xxx.xx 255.255.255.248
ip address 192.168.1.1 255.255.255.0
ip address 192.168.12.83 255.255.255.240
The inside interface is able to communicate with the Internet because of this:
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx 1
Can someone please help with the commands which will allow communication from the inside interface to the test interface? No matter what I have tried, it does not work. I can provide any additional information which is required.
Your inside hosts should be able to communicate with hosts on the test interface network (192.168.12.81-94) by virtue of the implicit rule allowing communication from higher to lower security level. (That would be assuming no more restrictive access-list is in place.)
Depending on how you want things to work, you may also need a global (test) statement to nat traffic out the test interface or a nat exempt statement. The latter would look something like:
access-list EXEMPT permit ip 192.168.1.0 255.255.255.0 any
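
The two options the reply describes, written out in the pre-8.3 `nat`/`global` syntax the thread already uses (an added example, not part of the original posts). It assumes the test interface has a lower security level than inside; the ACL destination is narrowed to the test subnet so that Internet-bound traffic still matches the existing `nat (inside) 1` rule, and the host 192.168.1.10 and port 443 in the check are constructed values.

```cisco
! Use ONE of option A or option B, not both.

! Option A: NAT exemption, limited to inside -> test traffic.
! 192.168.12.83 255.255.255.240 places the test network at 192.168.12.80/28
! (hosts .81-.94). Exempted traffic is not translated, so everything else
! from inside still matches "nat (inside) 1" and is PATed on outside.
access-list EXEMPT extended permit ip 192.168.1.0 255.255.255.0 192.168.12.80 255.255.255.240
nat (inside) 0 access-list EXEMPT
! With exemption the Firebox sees the real 192.168.1.x source addresses,
! so it needs a return route for 192.168.1.0/24 via 192.168.12.83.

! Option B: PAT inside hosts to the test interface address instead.
! Reuses NAT ID 1 from the existing "nat (inside) 1 0.0.0.0 0.0.0.0" line.
! The Firebox only ever sees 192.168.12.83, so no return route is needed,
! but its logs no longer identify the individual inside host.
global (test) 1 interface

! Verification (constructed source host and port):
! packet-tracer shows which NAT rule and which ACL the flow hits,
! and whether the ASA would allow or drop it.
packet-tracer input inside tcp 192.168.1.10 1025 192.168.12.81 443
! After real traffic has passed, list the active translations.
show xlate
```

Testing with ping alone can mislead here: unless ICMP inspection is enabled or an access-list on the test interface permits echo replies, the ASA drops the replies even when the NAT and routing are correct.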