Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

query on global statement

Hi all,

I understand the following statement allows outgoing traffic from the inside network to translate to the asa inside interface address when it passes through the asa but does it also mean that traffic from networks connected to other interfaces eg dmz and outside gets translated to asa inside interface when they get to the inside network?

global (inside) 1 interface

The above is the only NAT statement in my asa. Pls advise. Thks in advance.

5 REPLIES
Red

query on global statement

Hi Don,

The global statement is always depends upon the corresponding nat statement, let me explain you with an example:

nat (inside) 1 10.0.0.0 255.0.0.0

global (outside) 1 interface

Now the two statements make send, the inside networks would get pat to outside interface while going from inside to outside.

If you have a number of these statements then, the corresponding global statement for the nat would depend upon the nat identifier:

global (outside) 1 interface     (nat identifier in bold, the corresponding nat should have same identifier)

If in your configuration you just have only one statement as:

global (inside) 1 interface

then it is of no use.

To verify that, do:

show run nat

show run global

and chcek what all statements you have.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

query on global statement

Hi Varun,

Thk you very much for your prompt response. I understand the below 2 statements usually go hand in hand for traffic from private network going out to public network which require a PAT to public ip. However in my setup, the asa is connected to 2 networks which is both private. Hence must it still require the 2 statements below.

nat (inside) 1 10.0.0.0 255.0.0.0

global (outside) 1 interface

Red

query on global statement

No not really, you can just create nat exempt as well for them. You have a few options if both the networks are private, you need not necessarily create a nat n global statenment for it.

Thanksm

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

query on global statement

Hi varun,

Thk you once again. That only nat statement exist in my setup where the asa is connected to 2 private networks.

Hence i would like to know if traffic from networks connected to other interfaces eg dmz and outside  gets translated to asa inside interface when they get to the inside  network?

Red

Re: query on global statement

Hi Don,

Can you give me the outputs of:

show run static

show run nat

show run global

If you just have the statement:

global (outside) 1 interface

then the traffic would not be natted to inside interface, since it does not have a corresponding nat statement.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
187
Views
10
Helpful
5
Replies