NAt statememts on ASA

Posted on 2011-04-20
Last Modified: 2012-05-11
I am trying to cofngure Nat on my asa for multiple configurtations. Here is a list of nat statements that that I have so far:

global (outside) 10 interface
nat (inside) 10
nat (Public) 10
static (inside,DMZ_Zone)  netmask

I did change the ip addresses of the example above to fake addresses. Now I would like to create a dynamic nat that is applied for all address coming from the inside interface destined to the dmz_zone interface that could use pat. Bascially I need the one static address above and the rest of the addresses in that subnet can use pat. I did create another address pool id of 20 and applied it to the DMZ_zone using Pat and then I created another dynamic rule from inside to DMZ_Zone but apparently that conflicts with the inside-outside dynamic rule.
Question by:phil435
    1 Comment
    LVL 35

    Accepted Solution

    Normally, when accessing the DMZ from the inside you could add this (assuming your inside network is
    static (inside,DMZ_Zone)  netmask

    That way Inside hosts appear on the DMZ with their own addresses. To restrict traffic to the DMZ you can then use access lists.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
    When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now