https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947936#M435919 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Nat (inside_2) 1 0 0</P><P></P><P>If that does not do it please share the running configuration.</P><P></P><P>Regards,</P><P></P><P>Julio</P><P></P><P>Rate all the posts that help</P></BODY></HTML> Thu, 24 May 2012 23:30:31 GMT Julio Carvajal 2012-05-24T23:30:31Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947935#M435918 <P>I am trying to setup a second internal network using interface 0/2 on the ASA.&nbsp; Basically, where I am at now is:</P><P></P><P>ASA</P><P></P><P>INTERFACE ETHERNET0/0</P><P>nameif outside</P><P>security-level 0</P><P>ip address x.x.x.130 255.255.255.128</P><P></P><P></P><P>INTERFACE ETHERNET0/1</P><P>nameif inside</P><P>security-level 100</P><P>ip address 10.185.10.11 255.255.255.0</P><P></P><P>INTERFACE ETHERNET0/2</P><P>nameif <STRONG>inside_2</STRONG></P><P>security-level 100</P><P>ip address 192.168.10.10 255.255.255.0</P><P></P><P>I have a switch coming off of this second interface of the ASA and a client with a static ip of 192.168.10.30.</P><P>I am not sure what I need to do for NAT on this second interface, I am assuming this is my only issue not being able to get out on the internet.&nbsp; Anybody have any idea how to set this up.&nbsp; Natting works just find on our 10.185.10.x network.</P><P></P><P>Thanks, Bob</P> Mon, 11 Mar 2019 23:11:20 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947935#M435918 swappedsr 2019-03-11T23:11:20Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947936#M435919 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Nat (inside_2) 1 0 0</P><P></P><P>If that does not do it please share the running configuration.</P><P></P><P>Regards,</P><P></P><P>Julio</P><P></P><P>Rate all the posts that help</P></BODY></HTML> Thu, 24 May 2012 23:30:31 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947936#M435919 Julio Carvajal 2012-05-24T23:30:31Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947937#M435920 <HTML><HEAD></HEAD><BODY><P>Sounds good, can you explain what that means exactly, the 1 0 0 part.</P><P></P><P>Thanks for the prompt response!</P><P></P><P></P><P>Also, I assume since these two internal networks are at the same security level, by default, they won't be able to contact each other, correct?&nbsp; I actually want it so they cannot reach each other.</P></BODY></HTML> Thu, 24 May 2012 23:47:26 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947937#M435920 swappedsr 2012-05-24T23:47:26Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947938#M435921 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Its saying please nat everything behind the Inside2 interface.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Fri, 25 May 2012 00:08:36 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947938#M435921 Julio Carvajal 2012-05-25T00:08:36Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947939#M435922 <HTML><HEAD></HEAD><BODY><P>Hi Julio, everything works.&nbsp; The only thing I change was from group 1 to 10.&nbsp; 10 is the group we are using for the global NAT range.&nbsp; Everything worked after that.&nbsp; Now, one last thing, I am assuming there will be no communication between the two internal networks because they are at the same security level, how could if I needed too, have these networks communicate to each other.&nbsp;&nbsp; </P></BODY></HTML> Fri, 25 May 2012 15:03:38 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947939#M435922 swappedsr 2012-05-25T15:03:38Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947940#M435923 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>In order to do that you will need the following command:</P><P></P><P>same-security-traffic permit inter-interface.</P><P></P><P>global (inside2) 10 interface</P><P>global (inside1) 10 interface</P><P></P><P>Regards,</P><P></P><P>Do rate all the posts that help <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Julio</P><P></P><P>Security Engineer</P></BODY></HTML> Fri, 25 May 2012 23:42:55 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947940#M435923 Julio Carvajal 2012-05-25T23:42:55Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947941#M435924 <HTML><HEAD></HEAD><BODY><P>Hey Julio thanks for the help! Can you explain what the global (inside2) 10 interface means?</P></BODY></HTML> Thu, 31 May 2012 00:51:00 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947941#M435924 swappedsr 2012-05-31T00:51:00Z https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947942#M435925 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>When NAT control is enabled the traffic will hit a nat statement, then we need to have a global.</P><P></P><P>That is the purpose of the global in here.</P><P></P><P>Is everything working as expected now??</P></BODY></HTML> Thu, 31 May 2012 04:27:02 GMT https://community.cisco.com/t5/network-security/second-internal-interface-asa-5510/m-p/1947942#M435925 Julio Carvajal 2012-05-31T04:27:02Z