05-03-2012 10:47 AM - edited 03-11-2019 04:01 PM
Hi All
We have to add some NAT configuration to what we already have.
Actually we NAT all the inside traffic from our ASA 5520 to the outside public IP.
We recently added a new public IP network from our ISP. We want to NAT a specific inside subnet to an IP from that new public IP network.
We added a new network object rule for the inside subnet we wanted to NAT.
We also added our nat instance into the same object group: nat (inside,outside) dynamic [Public IP Address]
Is there any other configuration we should add to make it work?
Note: we compared with another ASA 5520 we have and everything seems to be the same, except that the public IP address is on the same subnet.
We also looked at the ASA next hop to make sure the packets are routed to the new public IP network. Everything seems to be OK too!
05-03-2012 11:02 AM
There is no issue. The ISP should route all the packets for the new public IP to the ASA's outside IP.
You have to split the groups that will be NAT-ed.
Dan
05-03-2012 11:38 AM
Is there a specific ACL that I need to open?
Thank you very much.
05-03-2012 11:48 AM
My understanding is that the ASA is used for internet access - this means the traffic is initiated on the inside and goes to the outside. Your ASA is already configured for this - meaning that all the required inside hosts are allowed to access the internet - the NAT will make different translations based on your rules.
If you configured the new nat rule on the same object-group, I do believe that the old one was overwritten. Can you check that?
Dan
05-09-2012 11:54 AM
Sorry for the delay. It's been very busy around here!
Yes the old one is overwritten.
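What splitting the objects looks like in ASA 8.3+ object NAT, as an added example that is not part of the original thread. Object names and all addresses are constructed (RFC 1918 and RFC 5737 documentation ranges); the point is that a network object holds only one nat statement, so each translation needs its own object.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
!
! Before: a second nat line entered under the same object replaces the first,
! which is the overwrite confirmed in the thread.
!
! object network INSIDE-ALL
!  subnet 10.0.0.0 255.0.0.0
!  nat (inside,outside) dynamic interface
!  nat (inside,outside) dynamic 203.0.113.10    <- replaces the line above
!
! After: one object per translation.
!
object network INSIDE-ALL
 subnet 10.0.0.0 255.0.0.0
 nat (inside,outside) dynamic interface
!
object network INSIDE-SPECIAL
 subnet 10.1.20.0 255.255.255.0
 nat (inside,outside) dynamic 203.0.113.10
!
! Among dynamic object NAT rules the ASA matches the object with fewer real
! addresses first, so hosts in 10.1.20.0/24 use 203.0.113.10 and everything
! else in 10.0.0.0/8 keeps using the outside interface address.
!
! Checks to run after the change:
!  show running-config nat
!  show nat detail
!  show xlate
!  packet-tracer input inside tcp 10.1.20.5 12345 198.51.100.20 80
```

The packet-tracer output should show the NAT phase translating the constructed source 10.1.20.5 to 203.0.113.10; if it shows the interface address instead, the specific object's nat line is missing or was replaced again.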