05-24-2012 04:05 PM - edited 03-11-2019 04:11 PM
I am trying to set up a second internal network using interface 0/2 on the ASA. Basically, where I am at now is:
ASA
INTERFACE ETHERNET0/0
nameif outside
security-level 0
ip address x.x.x.130 255.255.255.128
INTERFACE ETHERNET0/1
nameif inside
security-level 100
ip address 10.185.10.11 255.255.255.0
INTERFACE ETHERNET0/2
nameif inside_2
security-level 100
ip address 192.168.10.10 255.255.255.0
I have a switch coming off of this second interface of the ASA and a client with a static ip of 192.168.10.30.
I am not sure what I need to do for NAT on this second interface; I am assuming this is my only issue with not being able to get out on the internet. Anybody have any idea how to set this up? Natting works just fine on our 10.185.10.x network.
Thanks, Bob
05-24-2012 04:30 PM
Hello,
Nat (inside_2) 1 0 0
If that does not do it please share the running configuration.
Regards,
Julio
Rate all the posts that help
05-24-2012 04:47 PM
Sounds good. Can you explain what that means exactly, the 1 0 0 part?
Thanks for the prompt response!
Also, I assume since these two internal networks are at the same security level, by default, they won't be able to contact each other, correct? I actually want it so they cannot reach each other.
05-24-2012 05:08 PM
Hello,
It's saying please nat everything behind the Inside2 interface.
Regards,
Julio
05-25-2012 08:03 AM
Hi Julio, everything works. The only thing I changed was from group 1 to 10. 10 is the group we are using for the global NAT range. Everything worked after that. Now, one last thing: I am assuming there will be no communication between the two internal networks because they are at the same security level. How could I, if I needed to, have these networks communicate with each other?
05-25-2012 04:42 PM
Hello,
In order to do that you will need the following command:
same-security-traffic permit inter-interface.
global (inside2) 10 interface
global (inside1) 10 interface
Regards,
Do rate all the posts that help
Julio
Security Engineer
05-30-2012 05:51 PM
Hey Julio thanks for the help! Can you explain what the global (inside2) 10 interface means?
05-30-2012 09:27 PM
Hello,
When NAT control is enabled the traffic will hit a nat statement, then we need to have a global.
That is the purpose of the global in here.
Is everything working as expected now??
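An added example, not part of the thread and not Cisco code: a small Python check for the mismatch resolved above, where the nat ID on the new interface has to match the ID of an existing global (10 in Bob's setup). It also lists interfaces that share a security level and whether `same-security-traffic permit inter-interface` is present. The sample configuration, including the outside pool range, is constructed.

```python
import re
from itertools import combinations

# Constructed sample in pre-8.3 ASA syntax. The global pool range is a
# placeholder: the thread never shows the outside global statement.
SAMPLE = """\
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/2
 nameif inside_2
 security-level 100
global (outside) 10 198.51.100.10-198.51.100.20
nat (inside) 10 0.0.0.0 0.0.0.0
nat (inside_2) 1 0 0
"""

NAT_RE = re.compile(r"^nat \(([^)\s]+)\) (\d+)\b", re.I | re.M)
GLOBAL_RE = re.compile(r"^global \(([^)\s]+)\) (\d+)\b", re.I | re.M)
IFC_RE = re.compile(r"^\s*nameif (\S+)\s*\n\s*security-level (\d+)", re.I | re.M)
PERMIT_RE = re.compile(r"^same-security-traffic permit inter-interface\b", re.I | re.M)


def unmatched_nat(config):
    """Return (interface, nat_id) pairs that have no global with the same ID."""
    global_ids = {int(nat_id) for _, nat_id in GLOBAL_RE.findall(config)}
    return [(ifc, int(nat_id)) for ifc, nat_id in NAT_RE.findall(config)
            # ID 0 (identity NAT / NAT exemption) needs no global statement.
            if int(nat_id) != 0 and int(nat_id) not in global_ids]


def same_level_pairs(config):
    """Return (interface pairs sharing a security level, inter-interface permitted?)."""
    ifcs = IFC_RE.findall(config)
    pairs = [(a, b) for (a, la), (b, lb) in combinations(ifcs, 2) if la == lb]
    return pairs, bool(PERMIT_RE.search(config))


if __name__ == "__main__":
    for ifc, nat_id in unmatched_nat(SAMPLE):
        print(f"nat ({ifc}) {nat_id}: no global statement with ID {nat_id}")
    pairs, permitted = same_level_pairs(SAMPLE)
    for a, b in pairs:
        state = "permitted" if permitted else "blocked (ASA default)"
        print(f"{a} <-> {b}: same security level, traffic {state}")
```
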