01-08-2012 04:50 AM - edited 03-11-2019 03:11 PM
Hi all,
I understand the following statement allows outgoing traffic from the inside network to translate to the ASA inside interface address when it passes through the ASA, but does it also mean that traffic from networks connected to other interfaces, e.g. dmz and outside, gets translated to the ASA inside interface when it gets to the inside network?
global (inside) 1 interface
The above is the only NAT statement in my ASA. Please advise. Thanks in advance.
01-08-2012 04:57 AM
Hi Don,
The global statement always depends upon the corresponding nat statement; let me explain with an example:
nat (inside) 1 10.0.0.0 255.0.0.0
global (outside) 1 interface
Now the two statements make sense: the inside networks would get PATed to the outside interface while going from inside to outside.
If you have a number of these statements, then the corresponding global statement for the nat would depend upon the nat identifier:
global (outside) 1 interface (nat identifier in bold, the corresponding nat should have same identifier)
If in your configuration you just have only one statement as:
global (inside) 1 interface
then it is of no use.
To verify that, do:
show run nat
show run global
and check what statements you have.
Hope that helps.
Thanks,
Varun
01-08-2012 05:44 AM
Hi Varun,
Thank you very much for your prompt response. I understand the below 2 statements usually go hand in hand for traffic from a private network going out to a public network, which requires a PAT to a public IP. However, in my setup, the ASA is connected to 2 networks which are both private. Hence, must it still require the 2 statements below?
nat (inside) 1 10.0.0.0 255.0.0.0
global (outside) 1 interface
01-08-2012 05:51 AM
No, not really, you can just create a nat exempt for them as well. You have a few options if both the networks are private; you need not necessarily create a nat and global statement for it.
Thanks,
Varun
01-08-2012 07:29 AM
Hi Varun,
Thank you once again. Only that NAT statement exists in my setup, where the ASA is connected to 2 private networks.
Hence I would like to know if traffic from networks connected to other interfaces, e.g. dmz and outside, gets translated to the ASA inside interface when it gets to the inside network?
01-08-2012 08:57 AM
Hi Don,
Can you give me the outputs of:
show run static
show run nat
show run global
If you just have the statement:
global (outside) 1 interface
then the traffic would not be natted to inside interface, since it does not have a corresponding nat statement.
Thanks,
Varun
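Added example, not part of the thread or Cisco's tooling: a small Python audit that pairs `nat` and `global` lines by NAT ID, as the replies above describe, and reports any `global` with no matching `nat`. The function name and the two sample configurations are constructed for illustration; the input is assumed to be pasted `show run nat` and `show run global` output in the pre-8.3 syntax used here.

```python
import re
from collections import defaultdict

# Constructed sample configs (pre-8.3 ASA syntax, as used in the thread).
ONLY_GLOBAL = "global (inside) 1 interface\n"
PAIRED = (
    "nat (inside) 1 10.0.0.0 255.0.0.0\n"
    "global (outside) 1 interface\n"
)

# Matches: nat|global (interface) <nat-id> <remainder of the statement>
LINE = re.compile(r"^\s*(nat|global)\s+\((\S+)\)\s+(\d+)\s+(.*\S)\s*$")

def audit_nat_pairs(config: str) -> dict:
    """Pair nat and global statements by NAT ID and report unmatched ones."""
    nats, globs = defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        kind, ifc, nat_id, rest = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        (nats if kind == "nat" else globs)[nat_id].append((ifc, rest))

    report = {"translations": [], "global_without_nat": [], "nat_without_global": []}
    for nat_id, entries in sorted(globs.items()):
        if nat_id not in nats:  # a global with no nat of the same ID translates nothing
            report["global_without_nat"] += [(nat_id, ifc) for ifc, _ in entries]
    for nat_id, entries in sorted(nats.items()):
        if nat_id == 0:
            continue  # nat 0 is identity NAT / NAT exemption; it takes no global
        if nat_id not in globs:
            report["nat_without_global"] += [(nat_id, ifc) for ifc, _ in entries]
            continue
        for real_ifc, real_net in entries:
            for mapped_ifc, mapped in globs[nat_id]:
                report["translations"].append(
                    (nat_id, real_ifc, real_net, mapped_ifc, mapped))
    return report

if __name__ == "__main__":
    for name, cfg in (("only global", ONLY_GLOBAL), ("paired", PAIRED)):
        print(name, audit_nat_pairs(cfg))
```
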