https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871550#M489041 <HTML><HEAD></HEAD><BODY><P>Hi varun,</P><P></P><P>Thk you once again. That only nat statement exist in my setup where the asa is connected to 2 private networks. </P><P>Hence i would like to know if traffic from networks connected to other interfaces eg dmz and outside&nbsp; gets translated to asa inside interface when they get to the inside&nbsp; network?</P></BODY></HTML> Sun, 08 Jan 2012 15:29:43 GMT donnie 2012-01-08T15:29:43Z https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871546#M489033 <P>Hi all,</P><P></P><P>I understand the following statement allows outgoing traffic from the inside network to translate to the asa inside interface address when it passes through the asa but does it also mean that traffic from networks connected to other interfaces eg dmz and outside gets translated to asa inside interface when they get to the inside network?</P><P>global (inside) 1 interface</P><P></P><P>The above is the only NAT statement in my asa. Pls advise. Thks in advance.</P> Mon, 11 Mar 2019 22:11:43 GMT https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871546#M489033 donnie 2019-03-11T22:11:43Z https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871547#M489035 <HTML><HEAD></HEAD><BODY><P>Hi Don,</P><P></P><P>The global statement is always depends upon the corresponding nat statement, let me explain you with an example:</P><P></P><P>nat (inside) 1 10.0.0.0 255.0.0.0</P><P>global (outside) 1 interface</P><P></P><P>Now the two statements make send, the inside networks would get pat to outside interface while going from inside to outside.</P><P></P><P>If you have a number of these statements then, the corresponding global statement for the nat would depend upon the nat identifier:</P><P></P><P>global (outside) <STRONG>1</STRONG> interface&nbsp;&nbsp;&nbsp;&nbsp; (nat identifier in bold, the corresponding nat should have same identifier)</P><P></P><P></P><P>If in your configuration you just have only one statement as:</P><P></P><P>global (inside) 1 interface</P><P></P><P>then it is of no use.</P><P></P><P>To verify that, do:</P><P></P><P>show run nat</P><P>show run global</P><P></P><P>and chcek what all statements you have.</P><P></P><P></P><P>Hope that helps.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Sun, 08 Jan 2012 12:57:12 GMT https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871547#M489035 varrao 2012-01-08T12:57:12Z https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871548#M489038 <HTML><HEAD></HEAD><BODY><P>Hi Varun,</P><P></P><P>Thk you very much for your prompt response. I understand the below 2 statements usually go hand in hand for traffic from private network going out to public network which require a PAT to public ip. However in my setup, the asa is connected to 2 networks which is both private. Hence must it still require the 2 statements below.</P><P></P><P>nat (inside) 1 10.0.0.0 255.0.0.0</P><P>global (outside) 1 interface</P></BODY></HTML> Sun, 08 Jan 2012 13:44:00 GMT https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871548#M489038 donnie 2012-01-08T13:44:00Z https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871549#M489040 <HTML><HEAD></HEAD><BODY><P>No not really, you can just create nat exempt as well for them. You have a few options if both the networks are private, you need not necessarily create a nat n global statenment for it.</P><P></P><P>Thanksm</P><P>Varun</P></BODY></HTML> Sun, 08 Jan 2012 13:51:56 GMT https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871549#M489040 varrao 2012-01-08T13:51:56Z https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871550#M489041 <HTML><HEAD></HEAD><BODY><P>Hi varun,</P><P></P><P>Thk you once again. That only nat statement exist in my setup where the asa is connected to 2 private networks. </P><P>Hence i would like to know if traffic from networks connected to other interfaces eg dmz and outside&nbsp; gets translated to asa inside interface when they get to the inside&nbsp; network?</P></BODY></HTML> Sun, 08 Jan 2012 15:29:43 GMT https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871550#M489041 donnie 2012-01-08T15:29:43Z https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871551#M489042 <HTML><HEAD></HEAD><BODY><P>Hi Don,</P><P></P><P>Can you give me the outputs of:</P><P>show run static </P><P>show run nat</P><P>show run global</P><P></P><P>If you just have the statement:</P><P></P><P>global (outside) 1 interface</P><P></P><P>then the traffic would not be natted to inside interface, since it does not have a corresponding nat statement.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Sun, 08 Jan 2012 16:57:28 GMT https://community.cisco.com/t5/network-security/query-on-global-statement/m-p/1871551#M489042 varrao 2012-01-08T16:57:28Z