[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

NAt statememts on ASA

I am trying to cofngure Nat on my asa for multiple configurtations. Here is a list of nat statements that that I have so far:

global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0
nat (Public) 10 0.0.0.0 0.0.0.0
static (inside,DMZ_Zone) 1.1.1.1 2.2.2.2  netmask 255.255.255.255

I did change the ip addresses of the example above to fake addresses. Now I would like to create a dynamic nat that is applied for all address coming from the inside interface destined to the dmz_zone interface that could use pat. Bascially I need the one static address above and the rest of the addresses in that subnet can use pat. I did create another address pool id of 20 and applied it to the DMZ_zone using Pat and then I created another dynamic rule from inside to DMZ_Zone but apparently that conflicts with the inside-outside dynamic rule.
0
phil435
Asked:
phil435
1 Solution
 
Ernie BeekCommented:
Normally, when accessing the DMZ from the inside you could add this (assuming your inside network is 192.168.1.0):
static (inside,DMZ_Zone) 192.168.1.0 192.168.1.0  netmask 255.255.255.0

That way Inside hosts appear on the DMZ with their own addresses. To restrict traffic to the DMZ you can then use access lists.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now