Hi there, access-list nat-out

lakshmanarao.v · ‎01-21-2015

Hi Everyone,

I have ASA 5510 version 8.2 and dhcp is enabled on ASA. I want to provide internet access to some of the ip addresses. How to do that on ASA . Please help.

RedReddington · ‎01-21-2015

Are you using the GUI or the command line? Post your config so far. Presume you have working zones. Internal and External etc?

rizwanr74 · ‎01-21-2015

Hi lakshmanarao.v

I assume your internal interface is name as: "inside" and internet facing interface is named as "outside" if so please copy the below line, otherwise change the interface's names accordingly to your ASA. This will enable you to access the internet.

- - - - - - - - - - - - - - - - - - - - - - - - -

nat (inside) 1 0 0
global (outside) 1 interface

- - - - - - - - - - - - - - - - - - - - - - - - -

Thanks

Rizwan Rafeek

lakshmanarao.v · ‎01-22-2015

Hi Rizwan,

Thank you for your response.

I know the command you have given allows all the ips internet access. But i dont want to give internet access to all the ips, i want to restrict only to some of the ip addresses. DHCP pool is created on the ASA itself. How to give internet access to few ip addresses.

rizwanr74 · ‎01-22-2015

Hi there,

access-list nat-out extended permit ip 10.20.0.0 255.255.255.0 any
access-list nat-out extended permit ip host 10.0.109.152 any

global (outside) 1 interface
nat (inside) 1 access-list nat-out

In the above example, I have allowed a network subnet (10.20.0.0/24) and a host address to access the Internet and everything else is not permitted to access the internet.

thanks

Rizwan Rafeek

rizwanr74 · ‎01-23-2015

Hi lakshmanarao.v,

If the the question has been answered on this thread, please make it as answered, so that this thread will beneficial to someone else as well.

thanks

Rizwan Rafeek

Internet access on ASA