09-24-2008 08:56 PM - edited 03-09-2019 09:32 PM
Hi,
I have 1 ASA connected to an L3 3550 switch in L3 mode. On the ASA, NAT for inside and global for outside are configured, with proper static routing.
The end user is being assigned a manual IP. The problem is that whenever any end machine comes up in the network, it is automatically natted with a public IP from the global IP pool configured in the ASA.
I blocked the NetBIOS ports in the switch using an ACL, but the problem still persists.
Any suggestions, please?
09-24-2008 09:36 PM
If you don't mind, post your config.
Regards,
S.mohana sundaram
09-24-2008 10:00 PM
ASA:
===========================================
interface GigabitEthernet0/0
description @@@ Connected with Router Gig 0/0/1 @@@
nameif outside
security-level 0
ip address 125.20.1.2 255.255.255.224
!
interface GigabitEthernet0/1
description @@@ Connected with Core Switch @@@
nameif inside
security-level 100
ip address 192.168.255.5 255.255.255.252
!
interface GigabitEthernet0/2
description @@@ DMZ ZONE @@@
nameif dmz
security-level 50
ip address 192.168.10.1 255.255.255.192
access-list 110 permit tcp any any eq 53
access-list 110 permit udp any any eq 53
access-list 110 permit tcp any any eq 80
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 25
access-list 110 permit tcp any any eq 110
access-list 110 permit icmp any any eq echo-reply
global (outside) 1 210.212.10.2-210.212.10.14 netmask 255.255.255.240
nat (inside) 1 192.168.10.0 255.255.255.0
access-group 110 in interface outside
access-group 110 in interface inside
access-group 110 in interface dmz
route outside 0.0.0.0 0.0.0.0 125.20.1.1 1
route inside 192.168.0.0 255.255.0.0 192.168.255.6
=============================================
L3 Switch:
Int vlan 2
ip address 192.168.10.1 255.255.255.0
Int gi0/7
no switchport
ip address 192.168.255.6 255.255.255.252
description ### connected with firewall ###
ip route 0.0.0.0 0.0.0.0 192.168.255.5
09-25-2008 03:53 AM
Based on your config, any device in network 192.168.10.0/24 that wants to go to the internet will use any available IP in your pool.
What do you want to do exactly?
09-25-2008 04:11 AM
The problem is: whenever any machine comes up with an IP in 192.168.10.0/24, it automatically gets natted and is assigned a free public IP from the pool.
It should be natted only if I want to access the internet. But in my case, if I ping a local machine in the LAN, then using the "sh xlate" command I can also see that my local IP has been natted with a public IP.