
NATing/SecPolicy to multiple internal networks ASA5510

jfisher
Level 1

I have 2 internal networks:

Eth0/1 192.168.0.0/16 - LAN

Eth0/2 192.168.5.x/24 - Guest

I am trying to NAT an external IP to a Guest host. I create a policy identical to ones that are currently working.

Is there a trick to having NAT policies go to multiple internal networks?

5 Replies

Arvo Bowen
Level 1

Do you currently have any NAT rules in your config?  Can you paste your show run?

Arvo Bowen
Level 1

Just as an example I have the following rules...

nat (inside) 1 10.71.1.0 255.255.255.0

nat (dmz_ftp) 1 10.71.5.0 255.255.255.0

Note: inside and dmz_ftp being my 2 different networks on 2 different interfaces

You could try something like this...

nat (LAN) 1 192.168.0.0 255.255.0.0

nat (Guest) 1 192.168.5.0 255.255.255.0

Note: I'm only guessing the names of your VLANs are LAN and Guest.

I'm in such a hurry I should have been more clear. The NAT from internal to external works. All Guest hosts can connect to the web. I am trying to get an SSH connection established from external sources. I set a security policy like others are configured (using the correct interfaces in each situation). Is there something you have to do to have an external IP range route to different internal networks?

Just got it working. Not sure what I did. Just tried different policy settings. Put it back to the original and now it works. Thanks anyways.

Sorry, just got a chance to get back to your posts...  Sorry I couldn't be more help to ya. 
