
Help Needed with ASA 8.3+ NAT

paulstone80
Level 3

Hi,

I'm having an issue configuring NAT on an ASA running 8.3. Hopefully someone can point me in the right direction.

I've managed to configure NAT from the Inside interface to the DMZ, using PAT, so that the traffic is hidden behind the IP of the DMZ interface. This seems to work ok.

    object network obj_any-18
     subnet 0.0.0.0 0.0.0.0
    object network obj_any-18
     nat (inside,dmz1.005) dynamic interface

The problem I have is when I try to configure a rule for traffic that originates in the DMZ back to the Inside. I can't seem to get any traffic to flow from the DMZ to the Inside, and sometimes I manage to stop traffic flowing in both directions!

What would be the best way to configure the return traffic from the DMZ to the Inside?

Thanks,

Paul

HTH Paul ****Please rate useful posts****
12 Replies

varrao
Level 10

I hope you are not using the same object network again for it, since you cannot do that with auto NAT. Try this:

    object network obj_any-100
     subnet 0.0.0.0 0.0.0.0
     nat (dmz1.005,inside) dynamic interface

Moreover, what device are you using? Is it a 5505? What license does it have?

Thanks,
Varun Rao
Security Team,
Cisco TAC
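
Added example, not part of the thread or of any poster's reply: a small Python check for the point made in the reply above, that one network object should not be reused for a second auto NAT rule. It parses a candidate ASA 8.3+ config and lists objects that carry more than one `nat` statement; the two sample configs are constructed from the object names in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the thread's two rules, both placed under one object name.
REUSED = """\
object network obj_any-18
 subnet 0.0.0.0 0.0.0.0
object network obj_any-18
 nat (inside,dmz1.005) dynamic interface
object network obj_any-18
 nat (dmz1.005,inside) dynamic interface
"""
# Constructed input: the layout from the reply, one object per rule.
SEPARATE = REUSED.replace(
    "object network obj_any-18\n nat (dmz1.005,inside)",
    "object network obj_any-100\n subnet 0.0.0.0 0.0.0.0\n nat (dmz1.005,inside)",
)

OBJECT_RE = re.compile(r"^object network (\S+)$")
# Object (auto) NAT lines carry static/dynamic right after the interface pair;
# manual NAT lines carry "source" there and are ignored by this pattern.
NAT_RE = re.compile(r"^nat \(([^,\s]+),([^)\s]+)\) (static|dynamic)\b")
SUBCOMMANDS = ("subnet ", "host ", "range ", "fqdn ", "description ")

def parse_object_nat(config):
    """Map each network object name to its (real_if, mapped_if, type) nat lines."""
    rules, current = defaultdict(list), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        obj, nat = OBJECT_RE.match(line), NAT_RE.match(line)
        if obj:
            current = obj.group(1)
            rules[current]  # register objects that have no nat line
        elif nat and current:
            rules[current].append(nat.groups())
        elif not line.startswith(SUBCOMMANDS):
            current = None  # any other command leaves object sub-mode
    return dict(rules)

def reused_objects(config):
    """Names of network objects that carry more than one nat statement."""
    return sorted(n for n, r in parse_object_nat(config).items() if len(r) > 1)

if __name__ == "__main__":
    for label, cfg in (("reused", REUSED), ("separate", SEPARATE)):
        print(label, reused_objects(cfg) or "ok")
```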

paulstone80
Level 3