cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
408
Views
0
Helpful
3
Replies

query on PAT

donnie
Level 1
Level 1

Hi all,

I have a asa with 2 interfaces, both connected to private networks.

For the statement below, does it mean that outbound traffic frm the inside network of the asa will be translated to the asa inside interface when it passes through the asa?

global (inside) 1 interface

I am bit confused. Thk you!

2 Accepted Solutions

Accepted Solutions

Jim Thomas
Level 4
Level 4

yes that is correct, but traffic from interfaces like dmz or outside going out of the inside interface.

Sent from Cisco Technical Support iPhone App

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674

View solution in original post

fb_webuser
Level 6
Level 6

That command alone won't do anything...

If you enter these two commands:

global (outside) 1 interface

nat (inside) 1 0 0

It means everything (the 0s) coming on the inside interface will get natted when it goes out of the outside interface with the IP address of that interface (the outside interface's IP).

In addition it would to PAT.

I'll recommend you to go thru this document:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

It does explain how to create NAT rules by using both the CLI and the ASDM.

D.

---

Posted by WebUser Dennis Ariel

View solution in original post

3 Replies 3

Jim Thomas
Level 4
Level 4

yes that is correct, but traffic from interfaces like dmz or outside going out of the inside interface.

Sent from Cisco Technical Support iPhone App

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674

Hi Thomas,

Apologies i miss out on the

"but traffic from interfaces like dmz or outside going out of the inside interface." on your post.

Does that mean that traffic from other interfaces(eg dmz or outside) destined for inside network will also get translated to the inside interface ip for the statement below(assuming i have no other "nat" and "global" statements)?

global (inside) 1 interface

fb_webuser
Level 6
Level 6

That command alone won't do anything...

If you enter these two commands:

global (outside) 1 interface

nat (inside) 1 0 0

It means everything (the 0s) coming on the inside interface will get natted when it goes out of the outside interface with the IP address of that interface (the outside interface's IP).

In addition it would to PAT.

I'll recommend you to go thru this document:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

It does explain how to create NAT rules by using both the CLI and the ASDM.

D.

---

Posted by WebUser Dennis Ariel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: