Hey Guys,
Please check my configuration commands below on ASA 8.3.
Question 1: I want to send inside/dmz1/dmz3 internet traffic using the firewall interface by PAT. Please confirm
whether the following commands are correct.
I. nat (any,outside) source dynamic All_PAT-GROUP interface
object-group network All_PAT-GROUP
description: INSIDE,DMZ1,DMZ3
network-object object N-192.168.1.0
network-object object N-192.168.3.0
network-object object N-10.0.0.0
Question 2: site 2 LAN pc(10.21.22.x )----core-switch-->FW1 --{out interface->Fw2-....inside interface}---core-switch ------ LAN - printer ( 10.1.3.43) site 1
The following command is issued on FW2, and all the commands are working fine on FW1.
I want PC 10.21.22.x to talk to 10.1.3.43 on port 9100. Please verify my NAT and ACL statements and give your feedback. I am trying to configure destination-based NAT translation here. Is this correct?
II. nat (outside,inside) source static H-10.249.3.26 H-10.1.3.43 service tcp-9100 tcp-9100 unidirectional description NAT1
access-list out-acl extended permit tcp host 10.21.22.x host 10.1.3.43 eq 9100
access-group out-acl in interface outside
HA-Core-Firewall# sh nat de
HA-Core-Firewall# sh nat detail
Manual NAT Policies (Section 1)
1 (any) to (outside) source dynamic All_PAT-GROUP interface
translate_hits = 0, untranslate_hits = 0
Source - Origin: 10.0.0.0/8, 192.168.1.0/24, 192.168.3.0/24, Translated: 213.42.54.230/30
2 (outside) to (inside) source static H-10.249.3.26 H-10.1.3.43 service tcp-9100 tcp-9100 unidirectional description NAT1
translate_hits = 0, untranslate_hits = 0
Source - Origin: 10.249.3.26/32, Translated: 10.1.3.43/32
Service - Origin: tcp source gt 0 destination eq 9100 , Translated: tcp source gt 0 destination eq 9100
Appreciate your quick response.
Regards,
Akber Mirza.