
Using inside interface IP address for PAT

bhogue
Level 1

Hi all,

I have a direct connection to a remote vendor from my ASA 5516 (9.5(2)) for a hosted web-based application. I need to add an IP on my inside interface (192.168.2.26) to use for a PAT address to the vendor. This is the path:

Client (192.168.1.0/24) -> Core switch (192.168.2.1/24) -> Firewall inside interface (192.168.2.25/24) -> Firewall vendor interface (10.10.10.101/29) -> Vendor firewall (10.10.10.97/29) -> Web App (10.10.11.0/24)

 

This is what I've tried but it isn't working:

 

route inside 192.168.1.0 255.255.255.0 192.168.2.1 1

route vendor 10.10.11.0 255.255.255.0 10.10.10.101 1

object network VENDOR_LOCAL_PAT
 subnet 192.168.1.0 255.255.255.0
object network VENDOR_REMOTE_PAT
 subnet 10.10.11.0 255.255.255.0
object network VENDOR_PAT_IP
 host 192.168.2.26
nat (inside,vendor) source dynamic VENDOR_LOCAL_PAT VENDOR_PAT_IP destination static VENDOR_REMOTE_PAT VENDOR_REMOTE_PAT

 

Can someone tell me what I'm doing wrong? 

Thanks,

Bill

1 Reply

Hi Bill,

 

The NAT rule looks OK, but I think that the route to vendor is false. Can you try:

 

> route vendor 10.10.11.0 255.255.255.0 10.10.10.97 1

 

Best regards,
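
Added example, not part of either post: a small Python check that flags a static route whose next hop is the firewall's own interface address or lies outside the connected subnet, run against the routes posted in the question and the route suggested in the reply. The `INTERFACES` table is built from the addresses in the path described in the question; the function name and variable names are hypothetical.

```python
import ipaddress

# Interface addresses taken from the path described in the question.
INTERFACES = {
    "inside": ipaddress.ip_interface("192.168.2.25/24"),
    "vendor": ipaddress.ip_interface("10.10.10.101/29"),
}

# Route statements as posted in the question.
POSTED_ROUTES = """\
route inside 192.168.1.0 255.255.255.0 192.168.2.1 1
route vendor 10.10.11.0 255.255.255.0 10.10.10.101 1
"""

# Same routes with the vendor next hop from the reply.
SUGGESTED_ROUTES = """\
route inside 192.168.1.0 255.255.255.0 192.168.2.1 1
route vendor 10.10.11.0 255.255.255.0 10.10.10.97 1
"""


def check_routes(config, interfaces=INTERFACES):
    """Return (line, problem) pairs for static routes with an unusable next hop."""
    findings = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "route":
            continue
        nameif, net, mask, gw = fields[1:5]
        ipaddress.ip_network(f"{net}/{mask}")  # ValueError on a malformed prefix
        gateway = ipaddress.ip_address(gw)
        iface = interfaces.get(nameif)
        if iface is None:
            findings.append((line, f"unknown interface {nameif}"))
        elif gateway == iface.ip:
            findings.append((line, "next hop is the firewall's own interface address"))
        elif gateway not in iface.network:
            findings.append((line, f"next hop is not on connected subnet {iface.network}"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_ROUTES), ("suggested", SUGGESTED_ROUTES)):
        for line, problem in check_routes(cfg) or [("(all routes)", "ok")]:
            print(f"{label}: {line} -> {problem}")
```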
