
NAT with 2 SAME SECURITY LEVEL INTERFACES

My current setup is as follows

ASA 5510

E0/0 INTERNET

Security Level 0

E0/1 WAN (connected to Branch offices on MPLS network)

Security Level 100

E0/2 LAN

Security Level 100

If I create PAT using the Internet interface IP for all traffic originating from LAN, then I lose communication with subnets coming through the WAN interface. I have already defined NAT exempt rules, stating that any traffic going to WAN should be exempted from NAT, but they do not seem to be working. Cisco documentation says I don't need any ACLs or NAT rules for communication between 2 interfaces with the same security level, but it just doesn't work.

Can anyone help with this issue?

Regards,

Muhammad

5 REPLIES

Re: NAT with 2 SAME SECURITY LEVEL INTERFACES

The command

same-security-traffic permit inter-interface

permits communication between different interfaces that have the same security level.

http://www.cisco.com/en/US/customer/products/ps6120/products_command_reference_chapter09186a008063f0fb.html#wp1283601

Thanks,

Matt


Re: NAT with 2 SAME SECURITY LEVEL INTERFACES

Hi MATT,

Thanks for your reply.

That command is already active; that's why I can talk to the WAN interface when NAT is not in place. The problem is that when I put NAT in place for Internet, I lose communication with the WAN interface.

Muhammad


Re: NAT with 2 SAME SECURITY LEVEL INTERFACES

Muhammad,

I see. Sorry, I was hoping that's all you were looking for! If you post your config, hopefully we can figure it out.

Thanks,

Matt


Re: NAT with 2 SAME SECURITY LEVEL INTERFACES

Matt,

When I have (NAT (LAN) 1 access-list LAN_PAT) in place, I can't talk to anything on the WAN interface. When I remove this rule I can talk to WAN, but of course cannot go to the Internet.

I even have (NAT0) in place matching traffic which should be exempted from NAT.


Re: NAT with 2 SAME SECURITY LEVEL INTERFACES

I had to put NAT rules for LAN and WAN interfaces (same security level) to talk to each other because of using DYNAMIC NAT for INTERNET on the LAN interface.
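
The layout the thread ends on, written out as an added configuration example (not posted by anyone in the thread): NAT exemption on both same-security interfaces alongside PAT for Internet traffic, in the pre-8.3 syntax the thread's `NAT (LAN) 1 access-list LAN_PAT` uses. The interface names and `LAN_PAT` come from the thread; the subnets and the `LAN_NONAT` / `WAN_NONAT` names are assumptions.

```cisco
! Constructed example, pre-8.3 ASA NAT syntax.
! Assumed addressing (not from the thread):
!   LAN = 192.168.10.0/24, WAN (MPLS branch subnets) = 10.20.0.0/16

! Allow traffic between the two security-level-100 interfaces.
same-security-traffic permit inter-interface

! Exempt LAN -> WAN traffic from NAT. The ACL must match the real source
! and destination as the packet arrives on the LAN interface.
access-list LAN_NONAT extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (LAN) 0 access-list LAN_NONAT

! Exempt WAN -> LAN traffic the same way for sessions the branches initiate.
access-list WAN_NONAT extended permit ip 10.20.0.0 255.255.0.0 192.168.10.0 255.255.255.0
nat (WAN) 0 access-list WAN_NONAT

! PAT the remaining LAN traffic to the Internet interface address.
access-list LAN_PAT extended permit ip 192.168.10.0 255.255.255.0 any
nat (LAN) 1 access-list LAN_PAT
global (INTERNET) 1 interface

! Checks after applying (host addresses are constructed):
!   show running-config nat
!   show xlate
!   packet-tracer input LAN icmp 192.168.10.10 8 0 10.20.1.10
```

The NAT phase of the `packet-tracer` output names the rule the flow matched, so a LAN-to-WAN flow that lands on the PAT rule instead of the exemption is visible there.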
