05-16-2014 06:27 PM - edited 03-11-2019 09:12 PM
I am using code level 8.2.5
global (dmz) 1 interface
global (outside) 1 interface
nat (dmz) 0 access-list NONAT1
nat (inside) 0 access-list nonat
static (inside,dmz) 10.42.198.176 172.22.196.2 netmask 255.255.255.255
This is in reference to the bold nat command above. The nonat access list is a range of internal subnets in our network. If I use an external access list inbound to the outer ASA interface, can the outside addresses reach the inside address without any issues, or do I still have to create a static reference for the inside address even though they are not NATed going from the inside interface to the outside interface?
ex.
access-list External-in permit ip any host 10.0.0.1
access-list nonat permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
Can address 10.1.1.1 have unrestricted access to 10.0.0.1?
Thanks
05-19-2014 01:17 AM
Yes, the outside host should have unlimited access to the internal host 10.0.0.1 based on the nonat and the ACL applied to the outside interface. I am assuming that this is clear-text traffic, not via a VPN tunnel?
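The exemption and inbound ACL the answer relies on, written out as an added configuration example in 8.2 syntax (not taken from the thread), together with the commands used to verify it. The interface names and the hosts 10.0.0.1 and 10.1.1.1 follow the question; the inbound rule is narrowed to one source host and TCP port 80, which is an assumption, rather than the `any` in the question.

```cisco
! Added example, not from the original thread: 8.2-style NAT exemption
! plus an inbound ACL that lets an outside host reach an inside host.
!
! NAT exemption: traffic matching this ACL is not translated in either
! direction, so no static (inside,outside) entry is needed for 10.0.0.1.
! nat 0 access-list takes precedence over the global/nat PAT rules.
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list nonat
!
! Inbound ACL on the outside interface. On 8.2 an inbound ACL references
! the mapped address; with exemption the mapped and real addresses are the
! same, so the real inside address is used. Only the host and service that
! are actually needed are opened (source host and port 80 are assumed).
access-list External-in extended permit tcp host 10.1.1.1 host 10.0.0.1 eq www
access-group External-in in interface outside
!
! Verification from privileged EXEC:
! 1. Simulate the outside-initiated flow and confirm the NAT phase reports
!    the nat 0 exemption and the final result is ALLOW:
!    packet-tracer input outside tcp 10.1.1.1 1025 10.0.0.1 80
! 2. After a real connection, confirm the hit counts on both ACLs increment:
!    show access-list nonat
!    show access-list External-in
! 3. Confirm the connection is built with the untranslated addresses:
!    show conn address 10.0.0.1
```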
05-19-2014 06:36 AM
Yes, it was for clear text. I did a quick test to verify it too. I was getting lazy and didn't really want to set up a quick ASA to test. Thanks