Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
885
Views
0
Helpful
1
Replies

Public IP addresses on DMZ (SA520)

terje.eggestad
Level 1
Level 1

‎03-01-2012 03:59 AM - edited ‎03-11-2019 03:37 PM

Hi

I just bought an SA520 to replace my existing FW.

The thing is that I have private IP adresses on my LAN, and I have been issued a public IP network for my DMZ by my ISP.

Meaning I want to NAT my LAN but not my DMZ, but I can't seem to find a way in the 520 to do that. I can only find the oprion to turn off NAT all together.

Anyone know how to do this?

TJ

Labels:
0 Helpful
1 Reply 1

svaish
Level 1
Level 1

‎03-05-2012 01:00 AM

YOu can configure different types of NAT on ASA5520,

As you mentioned that you have a public ip address rage alloted for the internal uses you can bypass nat all together as well.

Please refer to the following link for more information on configuring NAT, it is must to understand what we are doing first

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html

A quick suggestin to use PAT.

Since your inside users wants to go to outside network I believe via OUTSIDE Interface only!!!

you can use the following commands

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

1 is the NAT-ID here

it can be different as well, change it to any number if already used.

Please post if there are other specific questions.

Sachin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card