ASA 5520 identity nat

My scenario goes as follows: I am replacing a very badly configured 2811 that was acting as a mock firewall with an ASA 5520 that connects directly to a 3845, then out to the internets. I have several private IP subnets. Let's call them 10.50.0.0 and 10.60.0.0, and I also have several public subnets. Let's call these 66.x.x.x and 77.x.x.x. I cannot use static NAT for these, nor can I use PAT. I must have these public IPs pass straight through the firewall with the same original IP. I've attempted to use identity NAT, but it will not pass the traffic. The private IP NATing is working fine, and if I set up PAT for the 66.x.x.x network, it works, but identity NAT will not.

Here is the config. Obviously I've changed the IPs on here, but that is all. Can anyone see what I'm doing wrong or how I can get this to work?
ASA Version 7.0(8)
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 88.x.x.4 255.255.255.0
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.2
 vlan 60
 nameif inside60
 security-level 50
 ip address 10.60.x.1 255.255.0.0
!
interface GigabitEthernet0/1.3
 vlan 50
 nameif inside50
 security-level 50
 ip address 10.50.x.1 255.255.0.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 no ip address
!
interface GigabitEthernet0/2.4
 vlan 184
 nameif dmz66
 security-level 50
 ip address 66.x.x.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit inter-interface
pager lines 24
logging enable
logging asdm-buffer-size 512
logging asdm informational
mtu outside 1500
mtu inside60 1500
mtu inside50 1500
mtu dmz 1500
mtu dmz66 1500
mtu management 1500
no failover
asdm image disk0:/asdm-508.bin
asdm history enable
arp timeout 14400
global (outside) 10 88.x.x.x-88.x.x.x.x netmask 255.255.255.0
nat (inside32) 10 10.50.0.0 255.255.0.0
nat (dmz66) 0 66.x.x..0 255.255.255.0
rip dmz default version 2
route outside 0.0.0.0 0.0.0.0 88.x.x.1

Chad77 Asked:
 
Chad77 (Author) Commented:
It appears that my entire problem was I needed to upgrade the software on the ASA. It came with stock 7.0 and I upgraded to 7.24. Everything started working immediately.
 
Istvan Kalmar (Head of IT Security Division) Commented:
There is no PAT configuration...
 
Chad77 (Author) Commented:
As I stated earlier, I don't need PAT. I need the IPs to pass through the firewall without translation, AKA identity NAT.
 
Istvan Kalmar (Head of IT Security Division) Commented:
What is AKA?
 
Chad77 (Author) Commented:
Also known as.
 
Istvan Kalmar (Head of IT Security Division) Commented:
What does the packet tracer show?
 
Chad77 (Author) Commented:
I'll be working on it tonight, and I'll give the results.
 
Istvan Kalmar (Head of IT Security Division) Commented:
ok
Question has a verified solution.
