Help with NAT on ASA5510

acraick
Level 1

Hi guys,

I have 4 networks with varying security levels. Internal, DMZ1, DMZ2 and External.

I want NAT to only hide the Internal, DMZ1 and DMZ2 networks when they connect to the internet via the external interface. When these networks talk to one another there should be no NAT.

Anyone got a sample config? All the examples I've found don't really do what I need.

Thanks all

2 Replies

m.sir
Level 7

You can do NAT exception with the NAT 0 command

Let's say you have the following networks

Inside 192.168.1.0

DMZ1 192.168.2.0

DMZ2 192.168.3.0

and you don't want NAT between Inside and DMZs

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

nat (inside) 0 access-list 101

M.

You can also do this..

nat (inside) 1 0 0

nat (dmz1) 1 0 0

nat (dmz2) 1 0 0

global (outside) 1 interface

static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

static (dmz1,dmz2) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

static (inside,dmz2) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

Add appropriate ACLs for traffic.

**assumes that security levels are inside, dmz1, dmz2, outside highest to lowest**
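A combined configuration covering the whole requirement in the question (PAT to the internet, no NAT between Inside, DMZ1 and DMZ2), as an added example that is not part of either reply. It assumes the pre-8.3 NAT syntax used in this thread, the interface names inside/dmz1/dmz2/outside, the security-level order stated above, and the /24 networks from the first reply; the ACL names and test host addresses are made up for illustration.

```cisco
! Constructed example, pre-8.3 ASA NAT syntax (the same syntax the replies use).
! Assumed: nameif inside/dmz1/dmz2/outside, security levels in that order
! (highest to lowest), networks 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24.

! --- NAT exemption: traffic between the three internal networks ---
! One ACL per source interface, always written from the higher-security
! network toward the lower-security one.
access-list NONAT_INSIDE extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT_INSIDE extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list NONAT_DMZ1 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0

nat (inside) 0 access-list NONAT_INSIDE
nat (dmz1) 0 access-list NONAT_DMZ1

! --- PAT: hide all three networks behind the outside interface address ---
! Source ranges are listed explicitly instead of "0 0", so only the known
! subnets are ever translated toward the internet.
nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz1) 1 192.168.2.0 255.255.255.0
nat (dmz2) 1 192.168.3.0 255.255.255.0
global (outside) 1 interface

! --- Verify (host addresses below are constructed samples) ---
! Internal flow: the NAT phase should show the exemption, no address change.
!   packet-tracer input inside tcp 192.168.1.10 1025 192.168.2.10 80
! Internet flow: the NAT phase should show dynamic translation to the
! outside interface address.
!   packet-tracer input inside tcp 192.168.1.10 1025 203.0.113.10 80
! Active translations:
!   show xlate
```

NAT exemption only controls address translation. Connections initiated from a lower-security interface toward a higher-security one still need an explicit permit in the interface access list, so keep those ACLs as narrow as the DMZ services require.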
