Allowing Traffic through ASA without NAT

mcast999
Level 1

[Image: Screenshot 2025-02-04 102246.png]

Hi!

I have around 20 local networks. I'm posting a basic topology with only 4 networks. Each server represents a network.
Everything internally is working fine. Nothing will be going out to the internet. This is all in-house. Now there is a
client that needs to access these networks. We only want to allow a certain network, "10.0.0.0", on the client side to access the internal networks.
So we added a firewall between the client and our network. We will also need to access networks on the client end.

The question is: do I need NAT for this? And how do I configure the ASA to allow outbound traffic into our networks?

15 Replies

@mcast999 as loopback interfaces typically do not generate NAT traffic as they are not considered "routed" interfaces in many cases

object network EXTERNAL
 subnet 10.0.0.0 255.255.255.252

object network INSIDE
 subnet 192.168.0.0 255.255.255.0

object network NAT_INSIDE
 subnet 192.168.0.0 255.255.255.0

object network NAT_EXTERNAL
 subnet 10.0.0.0 255.255.255.252

nat (EXTERNAL,INSIDE) source dynamic NAT_EXTERNAL interface destination static NAT_INSIDE NAT_INSIDE

access-list OUTSIDE_TO_INSIDE extended permit ip 10.0.0.0 255.255.255.252 192.168.0.0 255.255.255.0
access-group OUTSIDE_TO_INSIDE in interface EXTERNAL

Try this one. Also, please share:

show xlate | include 10.0.0.

Thanks !
