
ASA 5520 ACCESS -OUTSIDE TO INSIDE

actkillerby
Level 1

We have a 5520 ASA which allows external users access to resources on our internal LAN network. The resources that access is needed to are on 192.168.x.x subnets. These subnets cannot be routed across our WAN links. All of our external sites are on 10.x.x.x subnets and are routable across all our WAN links. We are in the process of migrating the servers from 192.168.x.x to a 10.x.x.x address so we can take the ASA out in the near future. The problem I am having is we want to give access to servers on a 10.115.50.0/24 subnet but not NAT the traffic. What would be the rule that would allow access to 10.115.50.0/24 from 10.94.198.0/25 without any NATting but still keep my rules that NAT traffic to the 192.168.x.x?

Apologies if this is easy to do, but I am not a firewall expert. Thanks for looking and responding.

Sent from Cisco Technical Support iPad App

5 Replies

CESAR GONZALEZ
Level 1

Did you try adding a NAT Exempt Rule? With this option you can specify the source and destination network that will be exempted from NAT.

Sent from Cisco Technical Support iPad App

actkillerby
Level 1

Do you have an example I can use, please?

Sent from Cisco Technical Support iPhone App

Are you configuring in CLI or ASDM?

Sent from Cisco Technical Support iPad App

Example:

access-list inside_nat0_outbound line 12 extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

Sent from Cisco Technical Support iPad App
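
The NAT exemption suggested above, written out for the subnets in the question as an added example (not part of any reply in this thread). It assumes pre-8.3 ASA NAT syntax (consistent with the `inside_nat0_outbound` name in the reply), interfaces named `inside` and `outside`, the 10.115.50.0/24 servers behind `inside`, and a hypothetical outside ACL name `outside_access_in`; the port and host addresses are constructed.

```cisco
! Added example. Assumptions: pre-8.3 NAT syntax, interfaces "inside" and
! "outside", servers on the inside interface, ACL names as shown.

! 1. NAT exemption ACL: match only the server subnet talking to the remote
!    client subnet. Source is the real (inside) network, destination is the
!    outside network. A /25 is mask 255.255.255.128.
access-list inside_nat0_outbound extended permit ip 10.115.50.0 255.255.255.0 10.94.198.0 255.255.255.128

! 2. Bind the ACL to NAT ID 0 on the inside interface. Only one
!    "nat 0 access-list" can exist per interface: if this line is already in
!    the running config, add the entry above to the existing ACL instead.
nat (inside) 0 access-list inside_nat0_outbound

! 3. Exemption only stops translation; it does not permit traffic. The
!    inbound ACL on the outside interface must still allow the flow.
!    Keep it to the ports actually needed (tcp/443 is a constructed value).
!    If an ACL is already applied inbound on outside, add the entry to that
!    ACL rather than applying a new access-group, which would replace it.
access-list outside_access_in extended permit tcp 10.94.198.0 255.255.255.128 10.115.50.0 255.255.255.0 eq 443
access-group outside_access_in in interface outside

! 4. Verify: the trace should show the flow allowed with no translation,
!    and the existing rules for 192.168.x.x should be unchanged.
packet-tracer input outside tcp 10.94.198.10 40000 10.115.50.10 443
show running-config nat
```

Because the exemption ACL matches only the 10.115.50.0/24 to 10.94.198.0/25 pair, existing translations to the 192.168.x.x servers are left as they are.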

actkillerby
Level 1

From CLI

Thanks

Sent from Cisco Technical Support iPhone App
