[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

NAt statememts on ASA

I am trying to cofngure Nat on my asa for multiple configurtations. Here is a list of nat statements that that I have so far:

global (outside) 10 interface
nat (inside) 10
nat (Public) 10
static (inside,DMZ_Zone)  netmask

I did change the ip addresses of the example above to fake addresses. Now I would like to create a dynamic nat that is applied for all address coming from the inside interface destined to the dmz_zone interface that could use pat. Bascially I need the one static address above and the rest of the addresses in that subnet can use pat. I did create another address pool id of 20 and applied it to the DMZ_zone using Pat and then I created another dynamic rule from inside to DMZ_Zone but apparently that conflicts with the inside-outside dynamic rule.
1 Solution
Ernie BeekCommented:
Normally, when accessing the DMZ from the inside you could add this (assuming your inside network is
static (inside,DMZ_Zone)  netmask

That way Inside hosts appear on the DMZ with their own addresses. To restrict traffic to the DMZ you can then use access lists.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now