I guess object nat is almost the same as command "nat (inside,DMZ) source dynamic 192.168.21.0/24 interface, isn't it?
And, I tried that, does not work :-)
Looks like DMZ interface didn't know where to forward the traffic, so no NAT is performed. I tried to remove default route on outside (to internet) and then "nat (inside,outside)" was not working as well.
But I can't add another route for inteface DMZ...And DMZ should know the "default route" by command "nat (DMZ,outside) source dynamic DMZ interface.
Thx anyway for you suggestion.
edit : I managed to inside network be translated finally.
nat (inside,dmz) source dynamic pat-pool PAT-POOL interface destination static ANY any; PAT-POOL is ip address from DMZ subnet
UDP PAT from inside:10.0.0.2/61028 to dmz:192.168.200.222/61028 flags ri idle 0:00:10 timeout 0:00:30 UDP PAT from inside:10.0.0.2/61060 to dmz:192.168.200.222/61060 flags ri idle 0:00:24 timeout 0:00:30 UDP PAT from inside:10.0.0.2/55226 to dmz:192.168.200.222/55226 flags ri idle 0:00:24 timeout 0:00:30 ICMP PAT from inside:10.0.0.2/1 to dmz:192.168.200.222/1 flags ri idle 0:00:01 timeout 0:00:30 ciscoasa(config)#
But but even if I have "nat (dmz,outside) source dynamic dmz interface" command, 192.168.200.222 cannot reach internet :-/
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :