Cisco Support Community
New Member

NAT Question ASA5505

I am configuring an ASA5505 with DMZ. I have local LAN 192.168.103/24 and DMZ 10.103.1.0/24. I am able to connect from LAN to DMZ using 10.103.1.0/24 address but not the other way around. I can add either a static or dynamic NAT for this.

I'm not sure how to configure the NAT to allow DMZ host to connect to 192.168.103.0/24. I will control access through ACL rather than trying to "hide" them via NAT from the VPN.

5 REPLIES
Hall of Fame Super Blue

Re: NAT Question ASA5505

If you just want to connect from DMZ to real addresses on the inside

static (inside,dmz) 192.168.103.0 192.168.103.0 255.255.255.0

and then, as you say, allow traffic with an ACL on the dmz interface.

Jon

New Member

Re: NAT Question ASA5505

Jon,

It doesn't seem to be letting me add the line

config t >

static (inside,dmz) 192.168.103.0 192.168.103.0 255.255.255.0

I've attached a current config just so you can see the other NATs in place.

Thanks

Hall of Fame Super Blue

Re: NAT Question ASA5505

Apologies, there is a typo in the command - should be

static (inside,dmz) 192.168.103.0 192.168.103.0 netmask 255.255.255.0

but you already have this line in your config

static (inside,dmz) 10.103.1.0 192.168.103.0 netmask 255.255.255.0

You need to remove this unless you need it, in which case you can't add the line I gave you.

Jon
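An added example, not part of the original thread: a small Python audit that reads pre-8.3 `static` lines, rejects ones missing the `netmask` keyword, and flags two statics that translate overlapping real networks on the same interface pair, which is the situation described in the reply above. The function names and the sample are constructed for illustration; as a simplification it only handles the network form `static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask` and reports every other form as rejected.

```python
import ipaddress
import re

def parse_static(line):
    """Parse 'static (real_ifc,mapped_ifc) mapped real netmask mask' (pre-8.3 syntax)."""
    tok = line.split()
    m = re.fullmatch(r"\((\w+),(\w+)\)", tok[1]) if len(tok) > 1 else None
    if not m or tok[0] != "static":
        raise ValueError("not a static NAT line")
    if len(tok) != 6 or tok[4] != "netmask":
        raise ValueError("expected 'netmask <mask>' after the two addresses")
    # ip_network raises ValueError on a bad address, bad mask or set host bits.
    mapped = ipaddress.ip_network(f"{tok[2]}/{tok[5]}")
    real = ipaddress.ip_network(f"{tok[3]}/{tok[5]}")
    return {"pair": m.groups(), "mapped": mapped, "real": real,
            "identity": mapped == real, "line": line}

def audit_statics(config_text):
    """Return (conflicts, rejected) for the static lines in config_text."""
    seen, conflicts, rejected = [], [], []
    for line in map(str.strip, config_text.splitlines()):
        if not line.startswith("static "):
            continue
        try:
            entry = parse_static(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        # Same interface pair and overlapping real networks: only one can stay.
        conflicts += [(old["line"], line) for old in seen
                      if old["pair"] == entry["pair"]
                      and old["real"].overlaps(entry["real"])]
        seen.append(entry)
    return conflicts, rejected

# Constructed sample built from the three command lines quoted in the thread.
SAMPLE = """\
static (inside,dmz) 10.103.1.0 192.168.103.0 netmask 255.255.255.0
static (inside,dmz) 192.168.103.0 192.168.103.0 255.255.255.0
static (inside,dmz) 192.168.103.0 192.168.103.0 netmask 255.255.255.0
"""

if __name__ == "__main__":
    conflicts, rejected = audit_statics(SAMPLE)
    for line, why in rejected:
        print(f"REJECTED  {line}\n          {why}")
    for old, new in conflicts:
        print(f"CONFLICT  {old}\n     with  {new}")
```

Run against a saved configuration, each reported conflict pair is a choice between the existing translation and the identity static; the DMZ interface ACL still decides which DMZ hosts may reach the inside network.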

New Member

Re: NAT Question ASA5505

You're an absolute star! I've been looking at this for the last few hours and I needed it in by Christmas.

Many many thanks.

I was trying to create a rule each way, which was causing my problem I think - i.e. translate inside to DMZ and DMZ to inside. I think that's where the other static came in.

Hall of Fame Super Blue

Re: NAT Question ASA5505

Glad to have helped and thanks for the rating.

Jon
