Solved

ASA 5520 identity nat

Posted on 2010-01-07
989 Views
Last Modified: 2012-05-08
My scenario goes as follows: I am replacing a very badly configured 2811 that was acting as a mock firewall with an ASA 5520 that connects directly to a 3845, then out to the internets. I have several private IP subnets. Let's call them 10.50.0.0 and 10.60.0.0, and I also have several public subnets. Let's call these 66.x.x.x and 77.x.x.x. I cannot use static NAT for these, nor can I use PAT. I must have these public IPs pass straight through the firewall with the same original IP. I've attempted to use identity NAT, but it will not pass the traffic. The private IP NATing is working fine, and if I set up PAT for the 66.x.x.x network, it works, but identity NAT will not.

Here is the config. Obviously I've changed the IPs on here, but that is all. Can anyone see what I'm doing wrong or how I can get this to work?
ASA Version 7.0(8)
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 88.x.x.4 255.255.255.0
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.2
 vlan 60
 nameif inside60
 security-level 50
 ip address 10.60.x.1 255.255.0.0
!
interface GigabitEthernet0/1.3
 vlan 50
 nameif inside50
 security-level 50
 ip address 10.50.x.1 255.255.0.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 no ip address
!
interface GigabitEthernet0/2.4
 vlan 184
 nameif dmz66
 security-level 50
 ip address 66.x.x.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit inter-interface
pager lines 24
logging enable
logging asdm-buffer-size 512
logging asdm informational
mtu outside 1500
mtu inside60 1500
mtu inside50 1500
mtu dmz 1500
mtu dmz66 1500
mtu management 1500
no failover
asdm image disk0:/asdm-508.bin
asdm history enable
arp timeout 14400
global (outside) 10 88.x.x.x-88.x.x.x.x netmask 255.255.255.0
nat (inside32) 10 10.50.0.0 255.255.0.0
nat (dmz66) 0 66.x.x.0 255.255.255.0
rip dmz default version 2
route outside 0.0.0.0 0.0.0.0 88.x.x.1

Question by:Chad77
8 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26203308
there is no pat configuration...
0
 

Author Comment

by:Chad77
ID: 26203543
As I stated earlier, I don't need PAT. I need the IPs to pass through the firewall without translation, AKA identity NAT.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26203562
what is AKA?
0
 

Author Comment

by:Chad77
ID: 26203577
also known as
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26203610
What does the packet tracer show?
0
 

Author Comment

by:Chad77
ID: 26203639
I'll be working on it tonight, and I'll give the results.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26204824
ok
0
 

Accepted Solution

by:Chad77 (earned 0 total points)
ID: 26206898
It appears that my entire problem was I needed to upgrade the software on the ASA. It came with stock 7.0 and I upgraded to 7.24. Everything started working immediately.
0
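The thread ends with a software upgrade, but the posted config also shows the kind of mistake that a quick consistency check catches before anyone blames the platform: the `nat (inside32) 10 ...` statement names an interface that has no matching `nameif`, while the `nat (dmz66) 0 ...` line is the identity NAT the asker is relying on. The script below is an added example, not code from the thread or from Cisco. It parses an ASA 7.x-style config (a constructed sample modelled on the question, with made-up addresses in place of the `x` placeholders) and reports NAT statements that reference undefined interfaces, `nat ... 0` identity rules that pass traffic untranslated, `nat` ids with no matching `global` pool, and interfaces that have no NAT rule at all (which matters only when `nat-control` is enabled). The rule formats assumed are the classic pre-8.3 `nat (if) id net mask` and `global (if) id pool` syntax shown in the config above.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample config (not the asker's real one): the same shape as the
# question's config, with the sanitised "x" octets replaced by fixed values.
SAMPLE_CONFIG = """
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 88.0.0.4 255.255.255.0
!
interface GigabitEthernet0/1.2
 vlan 60
 nameif inside60
 security-level 50
 ip address 10.60.0.1 255.255.0.0
!
interface GigabitEthernet0/1.3
 vlan 50
 nameif inside50
 security-level 50
 ip address 10.50.0.1 255.255.0.0
!
interface GigabitEthernet0/2.4
 vlan 184
 nameif dmz66
 security-level 50
 ip address 66.0.0.1 255.255.255.0
!
global (outside) 10 88.0.0.10-88.0.0.20 netmask 255.255.255.0
nat (inside32) 10 10.50.0.0 255.255.0.0
nat (dmz66) 0 66.0.0.0 255.255.255.0
"""

# Pre-8.3 ASA syntax: "nat (nameif) id network mask" and "global (nameif) id pool ..."
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (.+)$")


@dataclass
class NatRule:
    interface: str
    nat_id: int
    network: ipaddress.IPv4Network


def parse_interfaces(config: str) -> dict:
    """Map every nameif to its interface address (None if the interface is unnumbered)."""
    interfaces = {}
    block = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            block = {}
        elif block is not None and line.startswith("nameif "):
            block["nameif"] = line.split()[1]
        elif block is not None and line.startswith("ip address "):
            _, _, ip, mask = line.split()[:4]
            block["addr"] = ipaddress.IPv4Interface(f"{ip}/{mask}")
        if block is not None and "nameif" in block:
            interfaces[block["nameif"]] = block.get("addr")
    return interfaces


def parse_nat_rules(config: str) -> list:
    """Collect nat statements; id 0 is identity NAT (no translation)."""
    rules = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            net = ipaddress.IPv4Network(f"{m.group(3)}/{m.group(4)}")
            rules.append(NatRule(m.group(1), int(m.group(2)), net))
    return rules


def parse_globals(config: str) -> dict:
    """Map each global pool id to the interface it is configured on."""
    pools = {}
    for line in config.splitlines():
        m = GLOBAL_RE.match(line.strip())
        if m:
            pools[int(m.group(2))] = m.group(1)
    return pools


def lint_nat(config: str) -> list:
    """Return ERROR/WARN/INFO findings about the NAT section of the config."""
    interfaces = parse_interfaces(config)
    pools = parse_globals(config)
    rules = parse_nat_rules(config)
    findings = []
    for rule in rules:
        if rule.interface not in interfaces:
            defined = ", ".join(sorted(interfaces))
            findings.append(f"ERROR nat ({rule.interface}) {rule.nat_id}: no interface has "
                            f"nameif '{rule.interface}' (defined: {defined})")
            continue
        if rule.nat_id == 0:
            findings.append(f"INFO nat ({rule.interface}) 0: {rule.network} passes untranslated (identity NAT)")
        elif rule.nat_id in pools:
            findings.append(f"INFO nat ({rule.interface}) {rule.nat_id}: {rule.network} "
                            f"translated to global pool on '{pools[rule.nat_id]}'")
        else:
            findings.append(f"ERROR nat ({rule.interface}) {rule.nat_id}: no global statement with id {rule.nat_id}")
    for pool_if in pools.values():
        if pool_if not in interfaces:
            findings.append(f"ERROR global ({pool_if}): no interface has that nameif")
    covered = {r.interface for r in rules}
    for name in sorted(interfaces):
        if name not in covered and name not in pools.values():
            findings.append(f"WARN interface '{name}' has no nat statement; with nat-control "
                            f"enabled its hosts cannot initiate traffic through the ASA")
    return findings


if __name__ == "__main__":
    for finding in lint_nat(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the linter flags `inside32` as an undefined nameif, reports the `dmz66` rule as identity NAT for 66.0.0.0/24, and warns that `inside50` and `inside60` have no NAT rule; that last warning on `inside50` is the direct consequence of the `inside32` typo.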
