04-30-2009 08:00 AM - edited 03-11-2019 08:25 AM
I am moving the Vendor B connection from a DMZ port on Loc1ASA5520 to the outside interface on Loc25505. I believe I am duplicating the configuration. However, it does not seem to be working properly.
I have the following global NAT configured:
global (outside) 1 192.168.1.3 netmask 255.255.255.255
nat (inside) 1 192.168.2.1 255.255.255.255
nat (inside) 1 192.168.2.2 255.255.255.255
nat (inside) 1 192.168.2.3 255.255.255.255
I do not have an access-list on outside since no traffic should originate from outside.
Would the outside configuration differ from a DMZ configuration?
Let me know if you need more info.
Outside is 192.168.1.2 255.255.255.0
Inside is 192.168.2.254 255.255.255.0
04-30-2009 08:41 AM
Well, according to your outside and inside configuration, this won't work. The nat(inside) commands don't reference a 192.168.2.254 address to go out on. I'm not sure what's not working, but if it's internet access, or any traffic originating from the inside, try adding:
nat (inside) 1 192.168.2.254 255.255.255.255
HTH,
John
04-30-2009 09:23 AM
Sorry, 192.168.2.254 is the IP address on my inside interface.
192.168.2.1 is my first inside host trying to access the vendor network, and it should translate to 192.168.1.3.
04-30-2009 09:26 AM
Can you post a diagram of your topology?
04-30-2009 10:20 AM
04-30-2009 10:24 AM
Ah, yeah, you could take that off and see if it works. (Although I'm sure you've done that already.) :)
John
05-01-2009 01:17 PM
Removing the netmask from the global NAT fixed the issue.
Thanks for your help.
Tom