I have a new firewall I am turning up. On the firewall I have 3 DMZ interfaces (2 are turned up currently) and an inside interface towards the customer's internal network.
What I am attempting to do is to send traffic to the customer's internal networks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) without doing any NAT.
I want to send any INET-destined traffic (such as to google.com) using the inside interface IP of 10.91.13.17 as the PAT address. The DMZ source for this communication is 192.168.14.0/27 (CETCNET). I've attached a config. I was thinking a NONAT ACL and NAT definition and a global definition along these lines:
! RFC 1918 space reachable via the inside interface (ASA 8.2 object-group syntax uses network-object, not network)
object-group network ATK_PRIVATE_NETS
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
! CETCNET -> private space: exempt from NAT (identity)
access-list NONAT_CETC permit ip 192.168.14.0 255.255.255.224 object-group ATK_PRIVATE_NETS
! CETCNET -> anything else: policy PAT
access-list CETC_INET_NAT permit ip 192.168.14.0 255.255.255.224 any
nat (CETCNET) 0 access-list NONAT_CETC
nat (CETCNET) 10 access-list CETC_INET_NAT
global (inside) 10 interface
But I still get the feeling I'm missing something. Version is 8.2(5)29. Looking forward to reading any suggestions anyone might have. I like to keep it as simple as possible on firewalls like this.
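As an added illustration (not part of the original post or its attached config), the following Python script simulates how the two rules in the post are matched against candidate flows on an ASA 8.2: the nat 0 access-list exemption is evaluated before any other nat rule, and only traffic that misses the exemption but matches CETC_INET_NAT is PAT'd to the inside interface address. The addresses and names come from the post; the sample flows are constructed, and the matching order is the documented 8.2 order (exemption first, then policy NAT), not anything taken from the attached config.

```python
"""Simulation of ASA 8.2 NAT exemption + policy PAT matching (added example).

Assumed rule order (ASA 8.2): 'nat (if) 0 access-list' exemption is checked first,
then 'nat (if) <id> access-list' policy NAT. Addresses mirror the forum post.
"""
import ipaddress

# object-group network ATK_PRIVATE_NETS
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
CETC_NET = ipaddress.ip_network("192.168.14.0/27")   # DMZ source, interface CETCNET
INSIDE_IF_IP = "10.91.13.17"                         # global (inside) 10 interface


def acl_nonat_cetc(src, dst):
    """access-list NONAT_CETC permit ip 192.168.14.0 255.255.255.224 object-group ATK_PRIVATE_NETS"""
    return src in CETC_NET and any(dst in net for net in PRIVATE_NETS)


def acl_cetc_inet_nat(src, dst):
    """access-list CETC_INET_NAT permit ip 192.168.14.0 255.255.255.224 any"""
    return src in CETC_NET


def translate(src_ip, dst_ip, ingress="CETCNET"):
    """Return (action, translated_source) for a flow entering on `ingress`.

    action is one of 'exempt' (nat 0, no translation), 'pat' (policy PAT to the
    inside interface IP) or 'no-match' (no nat statement applies on that interface).
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if ingress != "CETCNET":
        # Both nat statements are bound to (CETCNET); other interfaces have no rule here.
        return ("no-match", src_ip)
    # nat (CETCNET) 0 access-list NONAT_CETC  -- exemption is evaluated first
    if acl_nonat_cetc(src, dst):
        return ("exempt", src_ip)
    # nat (CETCNET) 10 access-list CETC_INET_NAT + global (inside) 10 interface
    if acl_cetc_inet_nat(src, dst):
        return ("pat", INSIDE_IF_IP)
    return ("no-match", src_ip)


if __name__ == "__main__":
    # Constructed sample flows
    for src, dst in [("192.168.14.5", "10.1.1.1"),
                     ("192.168.14.5", "172.20.1.1"),
                     ("192.168.14.5", "8.8.8.8"),
                     ("192.168.14.40", "8.8.8.8")]:
        print(src, "->", dst, translate(src, dst))
```

Note the last sample host: 192.168.14.40 lies outside the /27 (which covers .0 to .31), so neither ACL matches it. What happens to such a flow on the box depends on nat-control: with the default no nat-control it passes untranslated, with nat-control enabled it is dropped.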