11-25-2011 06:55 AM - edited 03-04-2019 02:24 PM
I have an ASA 5520 running 8.4(1)
it has the following interfaces
WAN - public IP
DMZ - public IP
Prod - 192.168.1.X
for internet access i have the following statement
object network Prod_Subnet_Internet
 nat (Production,WAN) dynamic interface
Do I need a similar statement if hosts in the Prod network need to access hosts in the DMZ?
11-25-2011 07:58 AM
Hi,
If DMZ hosts are not on the internet then you don't need to as by default nat-control is disabled.
Regards.
Alain
11-25-2011 08:05 AM
dmz hosts are on the internet, they all have public IPs
11-25-2011 08:16 AM
Hi,
Then you need to do a NAT because private addresses are not routable on the internet.
Regards.
Alain
11-25-2011 08:27 AM
1 more thing
I am able to ping those DMZ IPs without a NAT statement.
Is ICMP handled differently?