juggernaughty


ASA ACL/NAT command questions

Experts,

I am a novice when it comes to ASA/Cisco in general. I have a few questions on some commands below so that I can better understand them. Attached is a picture which I am currently mimicking for my (inside) and (DMZ) interfaces. I am not using external DNS and the external IP address is not the same.

This question is branched off of some recommendations from a previously asked question. I will post the expert's username in front of their quotes.

Cyclops 3590 - "also, by your initial diagram, you had 10.30.30.x as your IP scheme so I assumed you had a /24 mask which is what I'd recommend in your case unless required.  Just because you use the 10.x.y.z scheme doesn't mean you have to use a /8 mask.  Also, if you use a /8 mask, you can't use the static commands I gave, you would need to do a global/nat combination then for IP translation"  
Q- Could someone please explain to me a little bit more about the global/NAT combination? Why is it different if I wanted to use a 10.0.0.0 network address as opposed to 10.30.30.0?


Batry Boy - "Put these commands in to be able to ping DMZ hosts from the inside network:"
access-list dmz_access_in permit icmp any any echo-reply
access-group dmz_access_in in interface DMZ

Q1- Could you please point me in the direction of Cisco documentation that will explain the pieces of each of the commands?

Thank you in advance.


