NAT/PAT question

I have a new firewall I am turning up. On the firewall I have 3 DMZ interfaces (2 are turned up currently) and an inside interface towards the customer's internal network.

What I am attempting to do is to send traffic to the customer's internal networks (the 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 networks) without doing any NAT.

I want to send any INET-destined traffic, such as google.com, as the PAT address using the inside interface IP of 10.91.13.17. The DMZ source for this communication is 192.168.14.0/27 CETCNET. I've attached a config. I was thinking a NONAT ACL and NAT definition and a global definition along these lines:

! Private ranges that must not be translated
object-group network ATK_PRIVATE_NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
! CETCNET to the private ranges: NAT exemption
access-list NONAT_CETC permit ip 192.168.14.0 255.255.255.224 object-group ATK_PRIVATE_NETS
! CETCNET to anything else: PAT
access-list CETC_INET_NAT permit ip 192.168.14.0 255.255.255.224 any
nat (CETCNET) 0 access-list NONAT_CETC
nat (CETCNET) 10 access-list CETC_INET_NAT
! PAT pool 10 is the inside interface address
global (inside) 10 interface

But I still get the feeling I'm missing something. Version is 8.2.(5)29. Looking forward to reading any suggestions anyone might have. I like to keep it as simple as possible on firewalls like this.

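As an added example (not part of the original post and not Cisco code), this Python model parses the NAT lines proposed above and evaluates them in a simplified version of the ASA 8.2 rule order, in which `nat 0 access-list` exemption is checked before dynamic policy NAT, so the intended split between untranslated and PAT'd flows can be checked before the firewall is turned up. The function names, the `network-object` spelling of the object-group members and the sample addresses used to exercise it are assumptions of the example.

```python
import ipaddress

# Constructed input: the post's proposed ASA 8.2 lines (members as network-object).
CONFIG = """\
object-group network ATK_PRIVATE_NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
access-list NONAT_CETC permit ip 192.168.14.0 255.255.255.224 object-group ATK_PRIVATE_NETS
access-list CETC_INET_NAT permit ip 192.168.14.0 255.255.255.224 any
nat (CETCNET) 0 access-list NONAT_CETC
nat (CETCNET) 10 access-list CETC_INET_NAT
global (inside) 10 interface
"""
INSIDE_IP = "10.91.13.17"  # inside interface address given in the post

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(text):
    """Return (acls, nats); handles only 'permit ip' ACEs as used in the post."""
    groups, acls, nats, group = {}, {}, [], None
    for w in filter(None, map(str.split, text.splitlines())):
        if w[:2] == ["object-group", "network"]:
            group = groups.setdefault(w[2], [])
        elif w[0] == "network-object":
            group.append(net(w[1], w[2]))
        elif w[0] == "access-list":
            src = net(w[4], w[5])
            if w[6] == "object-group":
                dsts = groups[w[7]]
            elif w[6] == "any":
                dsts = [ipaddress.ip_network("0.0.0.0/0")]
            else:
                dsts = [net(w[6], w[7])]
            acls.setdefault(w[1], []).append((src, dsts))
        elif w[0] == "nat":
            nats.append((w[1].strip("()"), int(w[2]), w[4]))
    return acls, nats

def translate(src_if, src, dst, acls, nats):
    """Source address after NAT, or None if no nat rule matches the flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Exemption (nat 0 access-list) is evaluated before dynamic policy NAT;
    # any other match is PAT'd to the inside interface per 'global (inside) 10 interface'.
    for ifc, nat_id, acl in sorted(nats, key=lambda n: n[1] != 0):
        for acl_src, dsts in acls[acl]:
            if ifc == src_if and s in acl_src and any(d in n for n in dsts):
                return src if nat_id == 0 else INSIDE_IP
    return None
```

A `None` result marks a flow that no `nat` statement covers, such as a source outside 192.168.14.0/27.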