09-15-2011 11:15 AM - edited 03-11-2019 02:25 PM
Hi I have the following config on a ASA
object network default-pat
nat (inside,outside) dynamic interface
I still cannot reach the internet from the DMZ2. Just worndering if the following config when applied can help or conflict with the existing one.
object network default-pat
nat (dmz2,outside) dynamic interface
Solved! Go to Solution.
09-15-2011 12:02 PM
hI,
This is the config that you would need:
object network default-pat-test
subnet 0.0.0.0 0.0.0.0
nat (dmz2,outside) dynamic interface
Thanks,
Varun
09-15-2011 11:39 AM
Hi,
I am not sure but I guess you got it upside down, you would need the following config to allow access to the internet:
object network default-pat
nat (dmz2,outside) dynamic interface
It woudl not conflict with:
object network default-pat
nat (inside,outside) dynamic interface
Can you provide me the following outputs:
show run access-group
show run nat
Suggestion:
Use the following,
object network default-pat
subnet 0.0.0.0 0.0.0.0
nat (dmz2,outside) dynamic interface
You cannot use same object for two different auto-nat statements, if you do so, it would replace the first nat statement.
Hope this helps,
Thanks,
Varun
09-15-2011 11:58 AM
ASA# show run access-group
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
ASA#
ASA# sh run nat
object network JCV-EX1
nat (inside,outside) static obj2-x.x.x.99
object network JCV
nat (dmz,outside) static obj-x.x.x.101
object network default-pat
nat (inside,outside) dynamic interface
object network JCVTS
nat (any,any) static obj-x.x.x.100
still not sure what config is needed in order for DMZ2 to access the internet
09-15-2011 12:02 PM
hI,
This is the config that you would need:
object network default-pat-test
subnet 0.0.0.0 0.0.0.0
nat (dmz2,outside) dynamic interface
Thanks,
Varun
09-15-2011 03:19 PM
Hi..... did that work for you??
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide