Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5520 ACCESS -OUTSIDE TO INSIDE

We have a 5520 ASA which allows external users access to resources on our internal LAN network. The resources that access is needed to are on a 192.168.x.x subnets. These subnets cannot be routed across our WAN links. All of our external sites are on a 10.x.x.x subnets and are routable across all our WAN links. We are in the process of migrating the servers from 192.168.x.x to a 10.x.x.x address so we can take the ASA out in the near future. The problem I am having is we want to give access to servers on a 10.115.50.0/24 subnet but not NAT the traffic. What would be the rule that would allow access to 10.115.50.0/24 from 10.94.198.0/25 without any NATting but still keep my rules that NAT traffic to the 192.168.x.x

Apologies if this is easy to do but I am not a firewall expert and thanks for looking and responding

Sent from Cisco Technical Support iPad App

  • Firewalling
5 REPLIES
New Member

Re: ASA 5520 ACCESS -OUTSIDE TO INSIDE

Did you try adding a NAT Exempt Rule, with this option you can specify the source and destination network that will be exempted of the NAT

Sent from Cisco Technical Support iPad App

New Member

Re: ASA 5520 ACCESS -OUTSIDE TO INSIDE

Do you have an example I can use please.

Sent from Cisco Technical Support iPhone App

New Member

Re: ASA 5520 ACCESS -OUTSIDE TO INSIDE

Are you configuring in CLI or ASDM?

Sent from Cisco Technical Support iPad App

New Member

Re: ASA 5520 ACCESS -OUTSIDE TO INSIDE

Example:

access-list inside_nat0_outbound line 12 extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

Sent from Cisco Technical Support iPad App

New Member

Re: ASA 5520 ACCESS -OUTSIDE TO INSIDE

From CLI

Thanks

Sent from Cisco Technical Support iPhone App

235
Views
3
Helpful
5
Replies