Solved: Global statement without a Nat statement

marktaipp · ‎09-29-2012

Hi,

On our ASA 5510 (running IOS 7.2) we have a global statement that does not have a corresponding nat statement e.i. global (outside) 2 x.x.x.x , but no nat (inside) 2 blah 255.255.0.0

I am assuming that this is a mistake and that global without a nat pair does nothing. Or does it?

Thanks

Mark

Jennifer Halim · ‎09-29-2012

you are absolutely correct, nat/global statements needs to come in pair.

View solution in original post

Jennifer Halim · ‎09-29-2012

you are absolutely correct, nat/global statements needs to come in pair.

Jon Marshall · ‎09-30-2012

Mark

Worth checking if you have any other interfaces on the firewall other than the inside interface to see if there is a nat (interface) 2 statement.

Jon

marktaipp · ‎09-30-2012

Hi Jon,

The firewall has three interfaces inside, outside and DMZ. But is also no "nat (DMZ) 2 blah 255.255.255.0" statement to match the global. I have inherited the config and think that a nat/global pair was but in for what ever resaon, then half pulled out. I wanted to make sure that global statement by itself did nothing and could be removed.

Thanks for your suggestion.

Mark

Global statement without a Nat statement

the statement about using DH5

Link-State Advertisements 'LSA' OSPF - Basis -

Adding New VLAN to Existing Spanning Tree Statement

Confusing NAT statements

bgp match community" statement used in route-map