Acheter ou Renouveler
Acheter ou Renouveler
annuler
Activer les suggestions
La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
Nouveau sujet
125
Visites
0
Compliment
1
Réponses

FW ASA5506 PAT not applied issue

M-AHMED
Level 1
Level 1

‎08-05-2025 08:18 AM - modifié ‎10-05-2025 08:40 AM

Topology.jpgHello everybody,

Iam trying to config a PAT on ASA5506 for my network (Labo CCNA) .

Finally PAT rules is not applied on packets, its forwarded without any change.

you can find attached running-config of ASA5506.

FW#show running-config 
: Saved
:
ASA Version 9.6(1)
!
hostname FW
domain-name wr
enable password J.WhuVJ1RokggMhD encrypted
names
!
interface GigabitEthernet1/1
 nameif insider2
 security-level 100
 ip address 10.0.0.10 255.255.255.252
!
interface GigabitEthernet1/2
 description Link to R1
 nameif insider1
 security-level 100
 ip address 10.0.0.14 255.255.255.252
!
interface GigabitEthernet1/3
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 nameif outside
 security-level 0
 ip address 209.165.201.1 255.255.255.252
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
 shutdown
!
object network VLAN10
 subnet 192.168.1.0 255.255.255.0
 nat (insider1,outside) dynamic interface
object network VLAN20
 subnet 192.168.2.0 255.255.255.0
 nat (insider1,outside) dynamic interface
object network VLAN30
 subnet 192.168.3.0 255.255.255.0
 nat (insider1,outside) dynamic interface
!
route outside 0.0.0.0 0.0.0.0 209.165.201.2 1
!
access-list OutSide-Access extended permit tcp any any
access-list OutSide-Access extended permit icmp any any
!
!
access-group OutSide-Access in interface Outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp 
  inspect icmp 
  inspect tftp 
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5
!
!
!
!
router ospf 10
 router-id 3.3.3.3
 log-adjacency-changes
 network 10.0.0.20 255.255.255.252 area 0
 network 10.0.0.8 255.255.255.252 area 0
 network 10.0.0.12 255.255.255.252 area 0
!
Étiquettes :
Aperçu du fichier
116 KB
0 Compliments
1 RÉPONSE 1

Richard Burts
Hall of Fame
Hall of Fame

le ‎12-05-2025 10:04 PM

I see where you define objects for vlan10, vlan20, and vlan30. But I do not see anything that says where those are or about how to route to/from them.

HTH

Rick
0 Compliments

Liens rapides

Parcourez les liens directs de la Communauté et profitez de contenus personnalisés en français

Partager un document Rédiger un blog Vidéos Sécurité
Customers Also Viewed These Support Documents