I'm curious whether an ASA (v7.0.7) can route traffic in and out of sub-interfaces. Please see the attached diagram. Our ISP is handing off an 802.1q-tagged Ethernet connection to us. One VLAN is for internet connectivity and the other is for a private LAN. We have the private LAN working correctly with no NAT. I'd like to route all internet traffic from the 172.30.1.x network through the ASA and out to the internet using 22.214.171.124 as the PAT address (of course this is not the real address for this discussion). I'd also like to route traffic from the 172.31.255.x network through the ASA to the 172.30.1.x network.
I found I had a no-NAT statement on the interface in question. Now I'd like to put an ACL on the interface to restrict both inbound and outbound traffic, but I'm having a problem getting it to work as I'd expect.
OK, let's take a look at them. One thing where the ASA differs from the PIX is that ACLs can be applied inbound or outbound. For simplicity I always apply them inbound. Can you post a line or two each way and we'll dissect them?
I think I'm all set now. Not sure what was going on. The strange thing is I never see an entry in the xlate table for a 172.31.253.x address to my PAT address, though everything is working just fine. Can anyone explain this?
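For reference, here is a minimal ASA 7.x configuration that does what the original poster describes: two 802.1q sub-interfaces on the ISP-facing port, PAT for the inside network out to the internet, NAT exemption between the private LAN and the inside network, and inbound ACLs on each interface. This is an added example and not a configuration posted in the thread. Interface names, VLAN IDs, masks, the next-hop address and the ACL names are assumptions; 22.214.171.124 is the placeholder PAT address from the original post, not a real address.

```cisco
! Physical ISP-facing port carries the 802.1q trunk; it gets no name or address itself
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
! Sub-interface for the ISP internet VLAN (VLAN ID assumed)
interface GigabitEthernet0/0.10
 vlan 10
 nameif outside
 security-level 0
 ip address 22.214.171.122 255.255.255.248
!
! Sub-interface for the ISP-delivered private LAN (VLAN ID and address assumed)
interface GigabitEthernet0/0.20
 vlan 20
 nameif privatelan
 security-level 50
 ip address 172.31.255.1 255.255.255.0
!
! Local inside network
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.30.1.1 255.255.255.0
!
! NAT exemption: inside <-> privatelan traffic is not translated at all.
! Exempted flows do not use the PAT address, so they will not show up
! against 22.214.171.124 in "show xlate".
access-list NONAT extended permit ip 172.30.1.0 255.255.255.0 172.31.255.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! Everything else from inside is PATed to the placeholder public address on outside
nat (inside) 1 172.30.1.0 255.255.255.0
global (outside) 1 22.214.171.124
!
! Inbound ACL on privatelan: allow only the private LAN to reach the inside network
access-list PRIVATELAN_IN extended permit ip 172.31.255.0 255.255.255.0 172.30.1.0 255.255.255.0
access-group PRIVATELAN_IN in interface privatelan
!
! Inbound ACL on inside: internet plus the private LAN, nothing else (example policy)
access-list INSIDE_IN extended permit ip 172.30.1.0 255.255.255.0 172.31.255.0 255.255.255.0
access-list INSIDE_IN extended permit tcp 172.30.1.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 172.30.1.0 255.255.255.0 any eq https
access-list INSIDE_IN extended permit udp 172.30.1.0 255.255.255.0 any eq domain
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! Default route toward the ISP on the internet VLAN (next hop assumed)
route outside 0.0.0.0 0.0.0.0 22.214.171.121 1
```

As the thread suggests, all ACLs here are applied inbound on the interface where the traffic enters the ASA, which keeps the policy in one place per interface. Because privatelan (security-level 50) is lower than inside (100), traffic initiated from the private LAN toward 172.30.1.x is only permitted by the explicit PRIVATELAN_IN entry; replies follow the existing connection. Verify with `show xlate` (PAT entries for inside-to-internet flows only), `show conn` (both flow types) and `show access-list` (hit counts on each ACL line).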