
New Member

Help with NAT on ASA5510

Hi guys,

I have 4 networks with varying security levels. Internal, DMZ1, DMZ2 and External.

I want NAT to only hide the Internal, DMZ1 and DMZ2 networks when they connect to the internet via the external interface. When the networks talk to one another there should be no NAT.

Anyone got a sample config? All the examples I've found don't really do what I need.

Thanks all

2 REPLIES
Gold

Re: Help with NAT on ASA5510

You can do NAT exception with the NAT 0 command.

Let's say you have the following networks

Inside 192.168.1.0

DMZ1 192.168.2.0

DMZ2 192.168.3.0

and you don't want NAT between Inside and DMZs

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

nat (inside) 0 access-list 101

M.
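
An added example, not part of the original replies: a Python check that reads `nat 0` lines like those in the reply above and lists the internal zone pairs that no exemption entry covers. The zone names, the /24 masks and the embedded config are constructed from the addresses in the reply, and only network/mask ACL entries are parsed.

```python
import ipaddress
import itertools
import re

net = ipaddress.ip_network
# Constructed input: zone addressing and nat 0 lines based on the reply above.
ZONES = {
    "inside": net("192.168.1.0/24"),
    "dmz1": net("192.168.2.0/24"),
    "dmz2": net("192.168.3.0/24"),
}
CONFIG = """\
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list 101
"""
# Only "permit ip <net> <mask> <net> <mask>" entries are recognised (no any/host).
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")

def exempt_pairs(config, zones):
    """Zone pairs covered by a nat 0 ACL that is bound to an interface."""
    aces, bound = {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            aces.setdefault(name, []).append((net(f"{src}/{smask}"), net(f"{dst}/{dmask}")))
        elif m := NAT0.match(line):
            bound.append(m.groups())
    covered = set()
    for ifname, acl in bound:
        for src, dst in aces.get(acl, []):
            # The entry only helps if its source covers the bound interface's network.
            if ifname in zones and zones[ifname].subnet_of(src):
                for peer, peer_net in zones.items():
                    if peer != ifname and peer_net.subnet_of(dst):
                        # NAT exemption lets either side initiate: unordered pair.
                        covered.add(frozenset((ifname, peer)))
    return covered

def missing_pairs(config, zones):
    """Zone pairs with no nat 0 entry, as sorted tuples."""
    every = {frozenset(p) for p in itertools.combinations(zones, 2)}
    return sorted(tuple(sorted(p)) for p in every - exempt_pairs(config, zones))

if __name__ == "__main__":
    for a, b in missing_pairs(CONFIG, ZONES):
        print(f"no NAT exemption between {a} and {b}")
```

Run against the reply's three lines, it reports the dmz1/dmz2 pair, which the ACL as posted does not cover.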

Silver

Re: Help with NAT on ASA5510

You can also do this..

nat (inside) 1 0 0

nat (dmz1) 1 0 0

nat (dmz2) 1 0 0

global (outside) 1 interface

static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

static (dmz1,dmz2) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

static (inside,dmz2) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

ADD appropriate ACLS for traffic..

**assumes that security levels are inside, dmz1, dmz2, outside highest to lowest**
