ASA 5510 internet access for secondary internal network

Ariel Davenport
Level 1

I have an ASA 5510 with 1 outside interface configured and 1 inside interface 172.16.1.1; there is an MPLS router on the inside that routes to several different locations. My phone system is on the inside but runs on the 192.168.1.0 network and it needs access to the internet.

From the phone network I can ping the MPLS router 192.168.1.1 and the firewall 172.16.1.194 but cannot get internet.

I had to add this route to the firewall to be able to ping it from the phone network

route inside 192.168.1.0 255.255.255.0 172.16.1.191 (MPLS router)

I think that it might be an issue with NAT and tried adding an inside,inside NAT rule but I probably did it wrong.

Any help would be appreciated.

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

We would really need to see the NAT configurations or at least know the current software version of the firewall.

But to give you an example

Software Level 8.2 and below

You might have an existing basic Dynamic PAT configuration like below

global (outside) 1 interface

nat (inside) 1 172.16.1.0 255.255.255.0

To enable Dynamic PAT for the other local networks you could simply add

nat (inside) 1 192.168.1.0 255.255.255.0

Software Level 8.3 and above

You could configure Dynamic PAT for all your internal networks with

nat (inside,outside) after-auto source dynamic any interface

Or if you want to specify the networks specifically and allow the source addresses from multiple source interfaces on a single command, then you could use

object-group network PAT-SOURCE

     network-object 172.16.1.0 255.255.255.0

     network-object 192.168.1.0 255.255.255.0

nat (any,outside) after-auto source dynamic PAT-SOURCE interface

- Jouni
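
An added example, not part of the original thread and not Cisco tooling: a Python check for the situation above in 8.2-and-below syntax, where a network reachable through a `route inside` statement is not covered by any `nat (inside)` / `global (outside)` pair. The function name, regexes and sample configuration are assumptions; the sample lines are constructed from the commands quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the 8.2-style lines from the thread, before the fix.
SAMPLE_CONFIG = """\
route inside 192.168.1.0 255.255.255.0 172.16.1.191
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0
"""

ROUTE_RE = re.compile(r"^route (\S+) ([\d.]+) ([\d.]+) ([\d.]+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ([\d.]+) ([\d.]+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")


def _net(addr, mask):
    # ASA writes networks as "address mask"; ipaddress accepts addr/mask.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def untranslated_routes(config, inside="inside", outside="outside"):
    """Return networks routed via `inside` that no dynamic NAT/PAT pair covers."""
    routed, nat_rules, global_ids = [], [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := ROUTE_RE.match(line):
            if m.group(1) == inside:
                routed.append(_net(m.group(2), m.group(3)))
        elif m := NAT_RE.match(line):
            # NAT id 0 means "do not translate", so it never provides PAT.
            if m.group(1) == inside and m.group(2) != "0":
                nat_rules.append((m.group(2), _net(m.group(3), m.group(4))))
        elif m := GLOBAL_RE.match(line):
            if m.group(1) == outside:
                global_ids.add(m.group(2))
    # A nat statement translates only if a global with the same id
    # exists on the outside interface.
    covered = [net for nat_id, net in nat_rules if nat_id in global_ids]
    return [r for r in routed if not any(r.subnet_of(c) for c in covered)]


if __name__ == "__main__":
    for net in untranslated_routes(SAMPLE_CONFIG):
        print(f"routed via inside but not translated: {net}")
```
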

2 Replies

That fixed it.

object network PHONES

     subnet 192.168.1.0 255.255.255.0

     nat (inside,outside) dynamic interface
