01-06-2009 07:59 AM - edited 03-11-2019 07:33 AM
We have a 5550 ASA firewall with no natting implemented at all EXCEPT for one IP address which is being statically NATTED (e.g. 10.1.1.120 to 192.1.150.120). Our ASDM shows an already existing natting for the entire internal network (10.1.0.0 /16) natted to itself (10.1.0.0 /16) - obviously not doing any NAT processing. Therefore can I just remove that entry and have my single static natting in place on its own?
01-06-2009 08:05 AM
Hi, when you put an entry of natting for a single IP address then by default the request goes to the Internet by using the static one, and it must not use the entry which is used for the entire network, so it might be a configuration issue. I would advise verifying the conf first, or you can post your conf here and then I can also check and provide correct information.
Thanks
01-06-2009 08:06 AM
Peter
It depends. For example
static (inside,dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
this would tell the pix to present the internal addresses of 10.1.x.x to the DMZ as 10.1.x.x. If you removed this then machines in the DMZ would no longer be able to initiate connections from the DMZ to the inside.
So like I say, it depends on what access you need.
Jon
01-06-2009 02:52 PM
JON - we have 2 i/f - inside and outside. So we have this NAT statement (I just may have inherited it) - & the statement says "nat 10.0.0.0 /16 to 10.0.0.0/16"
In other words - effectively, don't nat (?)
In which case - hey well..heck we are only interested in NATting one specific IP host and the inside and outside networks are totally different networks. So why not delete the "nat 10.0.0.0 /16 to 10.0.0.0/16" line. I just CANNOT see what it does.
01-06-2009 02:53 PM
From the CLI run:
show run nat
show run static
show run global
That will tell you everything about NAT on the firewall.
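Added example, not part of any post in this thread: a small Python script that reads saved `show run static` output and marks each entry as an identity static (real and mapped networks equal) or a real translation, and lists translations that overlap an identity entry on the same interface pair. The sample config is constructed from the addresses quoted in the thread and assumes the identity entry is a `static` on (inside,outside); the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `show run static` output (pre-8.3 syntax) using the
# thread's addresses; an assumption, not the poster's actual configuration.
SAMPLE = """\
static (inside,outside) 192.1.150.120 10.1.1.120 netmask 255.255.255.255
static (inside,outside) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
"""

# Plain form only: static (real_if,mapped_if) mapped real netmask mask.
# Port-redirect, "interface" and access-list forms do not match and are skipped.
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\) "
    r"(?P<mapped>\d+\.\d+\.\d+\.\d+) (?P<real>\d+\.\d+\.\d+\.\d+) "
    r"netmask (?P<mask>\d+\.\d+\.\d+\.\d+)"
)

def classify_statics(config_text):
    """Return one dict per plain static line, with an 'identity' flag."""
    entries = []
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real = ipaddress.ip_network(f"{m['real']}/{m['mask']}", strict=False)
        mapped = ipaddress.ip_network(f"{m['mapped']}/{m['mask']}", strict=False)
        entries.append({
            "real_if": m["real_if"], "mapped_if": m["mapped_if"],
            "real": real, "mapped": mapped, "identity": real == mapped,
        })
    return entries

def overlapping_identity(entries):
    """Pairs (translation, identity) where the translated real network lies
    inside an identity static on the same interface pair; review before deleting."""
    ident = [e for e in entries if e["identity"]]
    return [
        (t, i) for t in entries if not t["identity"] for i in ident
        if (t["real_if"], t["mapped_if"]) == (i["real_if"], i["mapped_if"])
        and t["real"].subnet_of(i["real"])
    ]

if __name__ == "__main__":
    for e in classify_statics(SAMPLE):
        kind = "identity (no translation)" if e["identity"] else "translation"
        print(f"({e['real_if']},{e['mapped_if']}) {e['real']} -> {e['mapped']}: {kind}")
```

An identity entry still determines which hosts on the mapped interface can initiate connections to the real network, as the (inside,dmz) reply above describes, so check the interface pair of each flagged entry against the access actually needed before removing it.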
01-06-2009 07:34 PM
!