We have a 5550 ASA firewall with no natting implemented at all EXCEPT for one ip address which is being statically NATTED (eg 10.1.1.120 to 126.96.36.199). Our ASDM shows an already existing natting for the entire internal network (10.1.0.0 /16) natted to itself (10.1.0.0 /16) - obviosuly not doing any NAT processing. Therefore can I just remove that entry and have my single static natting in place on it own?
Hi, when you put a entry of natting for single IP address then by default the request goes to Internet by using static one and it must not be used that entry which are using for entire network so it might be a configuration issue so I would advice to verify the conf first or you can post your conf here then I can also check and provide correct information.
this would tell the pix to present the internal addresses of 10.1.x.x to the DMZ as 10.1.x.x. If you removed this then machines in the DMZ would no longer be able to initiate connections from the DMZ to the inside.
So like i say, it depends on what access you need.
JON - we have 2 i/f - inside and oustide. So we have this NAT statement (I just may have inherited it) - & the statement says "nat 10.0.0.0 /16 to 10.0.0.0/16"
In other words - effectively, don't nat (?)
In which case - hey well..heck we are only interested in NAtting one specific IP host and the inside and outside networks are totally different networks. So why not delete the "nat 10.0.0.0 /16 to 10.0.0.0/16" line. I just CANNOT see what it does
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :