Avatar of juggernaughty

ASA ACL/NAT command questions


I am a novice when it comes to ASA/Cisco in general. I have a few questions on some commands below so that I can better understand them. Attached is a picture which I am currently mimicking for my (inside) and (DMZ) interfaces. I am not using external DNS and the external IP address is not the same.

This question is branched off of some recommendations from a previously asked question. I will post the expert's username in front of their quotes.

Cyclops 3590 - "also, by your initial diagram, you had 10.30.30.x as your IP scheme so I assumed you had a /24 mask which is what I'd recommend in your case unless required.  Just because you use the 10.x.y.z scheme doesn't mean you have to use a /8 mask.  Also, if you use a /8 mask, you can't use the static commands I gave, you would need to do a global/nat combination then for IP translation"  
Q- Could someone please explain to me a little bit more about global/NAT combination? Why is it different if I wanted to use a network address opposed to

Batry Boy - "Put these commands in to be able to ping DMZ hosts from the inside network:"
access-list dmz_access_in permit icmp any any echo-reply
access-group dmz_access_in in interface DMZ

Q1- Could you please point me in the direction of Cisco documentation that will explain the pieces of each of the commands?

Thank you in advance.

Avatar of batry_boy