https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743908#M530719 <P>Hi I have the following config on a ASA&nbsp; </P><P></P><P>object network default-pat</P><P>nat (inside,outside) dynamic interface</P><P></P><P>I still cannot reach the internet from the DMZ2. Just worndering if the following config when applied can help or conflict with the existing one. </P><P>object network default-pat</P><P>nat (dmz2,outside) dynamic interface</P> Mon, 11 Mar 2019 21:25:27 GMT sindan 2019-03-11T21:25:27Z https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743908#M530719 <P>Hi I have the following config on a ASA&nbsp; </P><P></P><P>object network default-pat</P><P>nat (inside,outside) dynamic interface</P><P></P><P>I still cannot reach the internet from the DMZ2. Just worndering if the following config when applied can help or conflict with the existing one. </P><P>object network default-pat</P><P>nat (dmz2,outside) dynamic interface</P> Mon, 11 Mar 2019 21:25:27 GMT https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743908#M530719 sindan 2019-03-11T21:25:27Z https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743909#M530721 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am not sure but I guess you got it upside down, you would need the following config to allow access to the internet:</P><P></P><P>object network default-pat</P><P>nat (dmz2,outside) dynamic interface</P><P></P><P></P><P>It woudl not conflict with:</P><P></P><P>object network default-pat</P><P>nat (inside,outside) dynamic interface</P><P></P><P></P><P>Can you provide me the following outputs:</P><P></P><P>show run access-group</P><P>show run nat</P><P></P><P></P><P>Suggestion:</P><P></P><P>Use the following,</P><P></P><P>object network default-pat</P><P>&nbsp; subnet 0.0.0.0 0.0.0.0</P><P>&nbsp; nat (dmz2,outside) dynamic interface</P><P></P><P>You cannot use same object for two different auto-nat statements, if you do so, it would replace the first nat statement.</P><P></P><P>Hope this helps,</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Thu, 15 Sep 2011 18:39:21 GMT https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743909#M530721 varrao 2011-09-15T18:39:21Z https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743910#M530723 <HTML><HEAD></HEAD><BODY><P>ASA# show run access-group</P><P>access-group outside_access_in in interface outside</P><P>access-group dmz_access_in in interface dmz</P><P>ASA#</P><P></P><P>ASA# sh run nat</P><P>object network JCV-EX1</P><P>nat (inside,outside) static obj2-x.x.x.99</P><P>object network JCV</P><P>nat (dmz,outside) static obj-x.x.x.101</P><P>object network default-pat</P><P>nat (inside,outside) dynamic interface</P><P>object network JCVTS</P><P>nat (any,any) static obj-x.x.x.100</P><P></P><P>still not sure what config is needed in order for DMZ2 to access the internet</P></BODY></HTML> Thu, 15 Sep 2011 18:58:32 GMT https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743910#M530723 sindan 2011-09-15T18:58:32Z https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743911#M530726 <HTML><HEAD></HEAD><BODY><P>hI,</P><P></P><P>This is the config that you would need:</P><P></P><P>object network<STRONG> default-pat-test</STRONG></P><P>&nbsp; subnet 0.0.0.0 0.0.0.0</P><P>&nbsp; nat (dmz2,outside) dynamic interface</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Thu, 15 Sep 2011 19:02:43 GMT https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743911#M530726 varrao 2011-09-15T19:02:43Z https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743912#M530728 <HTML><HEAD></HEAD><BODY><P>Hi..... did that work for you??</P><P></P><P>Varun</P></BODY></HTML> Thu, 15 Sep 2011 22:19:34 GMT https://community.cisco.com/t5/network-security/dmz-internet-access/m-p/1743912#M530728 varrao 2011-09-15T22:19:34Z