cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
10
Helpful
5
Replies

query on global statement

donnie
Level 1
Level 1

Hi all,

I understand the following statement allows outgoing traffic from the inside network to translate to the asa inside interface address when it passes through the asa but does it also mean that traffic from networks connected to other interfaces eg dmz and outside gets translated to asa inside interface when they get to the inside network?

global (inside) 1 interface

The above is the only NAT statement in my asa. Pls advise. Thks in advance.

5 Replies 5

varrao
Level 10
Level 10

Hi Don,

The global statement is always depends upon the corresponding nat statement, let me explain you with an example:

nat (inside) 1 10.0.0.0 255.0.0.0

global (outside) 1 interface

Now the two statements make send, the inside networks would get pat to outside interface while going from inside to outside.

If you have a number of these statements then, the corresponding global statement for the nat would depend upon the nat identifier:

global (outside) 1 interface     (nat identifier in bold, the corresponding nat should have same identifier)

If in your configuration you just have only one statement as:

global (inside) 1 interface

then it is of no use.

To verify that, do:

show run nat

show run global

and chcek what all statements you have.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

Thk you very much for your prompt response. I understand the below 2 statements usually go hand in hand for traffic from private network going out to public network which require a PAT to public ip. However in my setup, the asa is connected to 2 networks which is both private. Hence must it still require the 2 statements below.

nat (inside) 1 10.0.0.0 255.0.0.0

global (outside) 1 interface

No not really, you can just create nat exempt as well for them. You have a few options if both the networks are private, you need not necessarily create a nat n global statenment for it.

Thanksm

Varun

Thanks,
Varun Rao

Hi varun,

Thk you once again. That only nat statement exist in my setup where the asa is connected to 2 private networks.

Hence i would like to know if traffic from networks connected to other interfaces eg dmz and outside  gets translated to asa inside interface when they get to the inside  network?

Hi Don,

Can you give me the outputs of:

show run static

show run nat

show run global

If you just have the statement:

global (outside) 1 interface

then the traffic would not be natted to inside interface, since it does not have a corresponding nat statement.

Thanks,

Varun

Thanks,
Varun Rao
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: