DMZ internet access

sindan
Level 1

Hi, I have the following config on an ASA:

object network default-pat

nat (inside,outside) dynamic interface

I still cannot reach the internet from the DMZ2. Just wondering if the following config, when applied, can help or conflict with the existing one.

object network default-pat

nat (dmz2,outside) dynamic interface

1 Accepted Solution

Hi,

This is the config that you would need:

object network default-pat-test

  subnet 0.0.0.0 0.0.0.0

  nat (dmz2,outside) dynamic interface

Thanks,

Varun

Thanks,
Varun Rao

4 Replies

varrao
Level 10

Hi,

I am not sure but I guess you got it upside down, you would need the following config to allow access to the internet:

object network default-pat

nat (dmz2,outside) dynamic interface

It would not conflict with:

object network default-pat

nat (inside,outside) dynamic interface

Can you provide me the following outputs:

show run access-group

show run nat

Suggestion:

Use the following,

object network default-pat

  subnet 0.0.0.0 0.0.0.0

  nat (dmz2,outside) dynamic interface

You cannot use the same object for two different auto-NAT statements; if you do so, it would replace the first nat statement.

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao

ASA# show run access-group

access-group outside_access_in in interface outside

access-group dmz_access_in in interface dmz

ASA#

ASA# sh run nat

object network JCV-EX1

nat (inside,outside) static obj2-x.x.x.99

object network JCV

nat (dmz,outside) static obj-x.x.x.101

object network default-pat

nat (inside,outside) dynamic interface

object network JCVTS

nat (any,any) static obj-x.x.x.100

Still not sure what config is needed in order for DMZ2 to access the internet.

Hi..... did that work for you??

Varun

Thanks,
Varun Rao
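
An added example, not part of the original thread and not Cisco tooling: a small pre-change check in Python for the point made in the thread that a second auto-NAT statement on the same object replaces the first. The function names are hypothetical, and the inputs are constructed from the config and outputs posted above.

```python
import re

# Constructed from the thread: the posted "sh run nat" output, the original
# poster's proposed change, and the accepted fix (a separate object).
RUNNING = """\
object network JCV-EX1
 nat (inside,outside) static obj2-x.x.x.99
object network JCV
 nat (dmz,outside) static obj-x.x.x.101
object network default-pat
 nat (inside,outside) dynamic interface
object network JCVTS
 nat (any,any) static obj-x.x.x.100
"""
PROPOSED = "object network default-pat\n nat (dmz2,outside) dynamic interface\n"
ACCEPTED = ("object network default-pat-test\n subnet 0.0.0.0 0.0.0.0\n"
            " nat (dmz2,outside) dynamic interface\n")

OBJ = re.compile(r"^object network (\S+)$")
NAT = re.compile(r"^nat \((\S+?),(\S+?)\) (.+)$")

def auto_nat_rules(config):
    """Map object name -> (real_if, mapped_if, rule) from 'object network' blocks."""
    rules, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := OBJ.match(line):
            current = m.group(1)
        elif (m := NAT.match(line)) and current:
            rules[current] = m.groups()  # one auto-NAT per object: last one wins
    return rules

def replaced_rules(running, proposed):
    """Existing auto-NAT rules the proposed lines would overwrite: name -> (old, new)."""
    old, new = auto_nat_rules(running), auto_nat_rules(proposed)
    return {n: (old[n], new[n]) for n in new if n in old and old[n] != new[n]}

def pat_sources(running, proposed="", mapped_if="outside"):
    """Interfaces left with 'dynamic interface' PAT toward mapped_if after the change."""
    merged = {**auto_nat_rules(running), **auto_nat_rules(proposed)}
    return sorted(src for src, dst, rule in merged.values()
                  if dst == mapped_if and rule == "dynamic interface")

if __name__ == "__main__":
    for label, change in (("proposed", PROPOSED), ("accepted", ACCEPTED)):
        print(label, "replaces:", replaced_rules(RUNNING, change))
        print(label, "PAT sources:", pat_sources(RUNNING, change))
```

Run against the thread's data, the proposed change reports that default-pat would lose its (inside,outside) rule, while the accepted change leaves both inside and dmz2 with PAT to outside.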