
ASA 5520 ACCESS -OUTSIDE TO INSIDE

actkillerby
Level 1

We have a 5520 ASA which allows external users access to resources on our internal LAN network. The resources that access is needed to are on 192.168.x.x subnets. These subnets cannot be routed across our WAN links. All of our external sites are on 10.x.x.x subnets and are routable across all our WAN links. We are in the process of migrating the servers from 192.168.x.x to a 10.x.x.x address so we can take the ASA out in the near future. The problem I am having is we want to give access to servers on a 10.115.50.0/24 subnet but not NAT the traffic. What would be the rule that would allow access to 10.115.50.0/24 from 10.94.198.0/25 without any NATting but still keep my rules that NAT traffic to the 192.168.x.x?

Apologies if this is easy to do, but I am not a firewall expert. Thanks for looking and responding.

Sent from Cisco Technical Support iPad App

5 Replies

CESAR GONZALEZ
Level 1

Did you try adding a NAT Exempt Rule? With this option you can specify the source and destination network that will be exempted from NAT.

Sent from Cisco Technical Support iPad App

actkillerby
Level 1

Do you have an example I can use, please?

Sent from Cisco Technical Support iPhone App

Are you configuring in CLI or ASDM?

Sent from Cisco Technical Support iPad App

Example:

access-list inside_nat0_outbound line 12 extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

Sent from Cisco Technical Support iPad App

actkillerby
Level 1

From CLI

Thanks

Sent from Cisco Technical Support iPhone App
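
An added example, not posted by any participant in this thread: the NAT exemption suggested above applied to the subnets from the question, in pre-8.3 ASA CLI syntax (assumed, since the reply's `inside_nat0_outbound` ACL name follows that style). The interface names `inside` and `outside`, the ACL name `outside_access_in`, the host addresses in the test command and TCP 443 as the service are all assumptions or constructed values.

```cisco
! Added example, not from the thread. Assumes pre-8.3 ASA software,
! servers behind interface "inside", remote sites behind "outside".

! 1. NAT exemption ACL: source is the real server subnet, destination
!    is the remote subnet (a /25, so the mask is 255.255.255.128).
access-list inside_nat0_outbound extended permit ip 10.115.50.0 255.255.255.0 10.94.198.0 255.255.255.128

! 2. Bind the ACL to NAT ID 0 on the inside interface. If this statement
!    already exists, only the ACE above has to be added. Only traffic
!    matching the ACL skips translation; the existing NAT rules for the
!    192.168.x.x servers are untouched.
nat (inside) 0 access-list inside_nat0_outbound

! 3. NAT exemption permits nothing by itself. Connections initiated from
!    the outside still need an access rule on the outside interface.
!    "outside_access_in" is assumed to be the ACL already applied inbound
!    on outside; add the ACE to whichever ACL is really bound there,
!    because binding a new ACL with access-group replaces the old one.
!    TCP 443 is a constructed placeholder: list only the services the
!    remote sites need instead of "permit ip", which opens every port.
access-list outside_access_in extended permit tcp 10.94.198.0 255.255.255.128 10.115.50.0 255.255.255.0 eq 443

! 4. Verify. The packet-tracer hosts (.10) are constructed examples.
!    The NAT phase of the output should show the exemption being hit
!    and the final result should be "allow".
show running-config nat
show access-list inside_nat0_outbound
packet-tracer input outside tcp 10.94.198.10 50000 10.115.50.10 443
```

On ASA software 8.3 and later the `nat 0` form no longer exists, and the same exemption is written as an identity twice-NAT rule instead.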
