Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1063
Views
0
Helpful
3
Replies

ASA5510 8.4 NAT Routing

viper2005
Level 1
Level 1

‎05-04-2012 05:36 AM - edited ‎03-11-2019 04:02 PM

After the Upgrade I have some trouble to setup my needed configuration.

I have 2 active Interfaces:

private 10.10.10.15/24

public 176.xxx.xxx.15/24

I want that the hosts inside the private LAN can reach the Internet and I'm using ASDM for configuration.

Firstly I have created a Network Object "InsideNet" 10.10.10.0/24

As next I have try to configre a NAT Rule and try all NAT Types using my Network Object as Source but no one was the right one.

Can someone tell me what NAT Rule I need to define for my simple requirement?

Labels:
0 Helpful
3 Replies 3

siddhartham
Level 4
Level 4

‎05-04-2012 07:06 AM

object network Private_Net

subnet 10.10.10.0 255.255.255.0

nat  (private, public)  dynamic interface

the above config will nat all the private hosts to the public interface

Siddhartha
0 Helpful

viper2005
Level 1
Level 1
In response to siddhartham

‎05-07-2012 01:11 AM

Thank you, this has really helped but I had must set:

nat (private,public) source dynamic any interface

But it opened a new problem:

This Cisco ASA I only use for NAT Routing and VPN Access to the private Net it's connected to 2 VLAN's (private net, public net) over 2 of it's Interfaces on a managed Switch only (means it don't sit between Router and Switch, as I don't wan't push Internet traffic trough it).

After I connected with AnyConnect I was not able to reach any other Host Inside 10.10.10.0 net, I have try to change my VPN IP Pool from 10.10.10.0 to 10.10.11.0 which don't helped any.

Do you have some idea how I can solve that?

0 Helpful

siddhartham
Level 4
Level 4
In response to viper2005

‎05-07-2012 07:10 AM

"Thank you, this has really helped but I had must set:

nat (private,public) source dynamic any interface"

Are you using an access-list to define your private hosts? Can you send your config and also the network diagram.

for the remote access VPN to work you have to exempt (NAT exempt) few ips from the private network and use them for VPN clients.- modify the ip address pool in your VPN config to 10.10.10.192 255.255.255.224

object network obj-vpnpool

     range 10.10.10.192 10.10.10.224

nat (inside,outside) source static any any destination static obj-vpnpool obj-vpnpool

Siddhartha
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card