Cisco ASA 5520 seems to be bypassing PAT statement
Posted on 2014-03-10
I am in the process of converting our ASA 5520 from 7.2 to 8.3.2 and everything has worked except for my PAT from inside to DMZ.
In 7.2 we had:
global (dmz) 1 192.168.0.10
In 8.3.2 I converted it to:
object network dmz_net
 subnet 0.0.0.0 0.0.0.0
 nat (inside,dmz) dynamic 192.168.0.10
From what I understand, that should be the same as before, but when I test this config the PAT is just bypassed and my real IPs are hitting the DMZ. Granted, I know that by design the ASA is working as it should but pushing the real IPs, but the DMZ servers all have an internal network address, which is causing a loop. So I need this PAT "bandaid" to work so I can slowly change to allow my real IPs. Any help would be great so I can try to figure out this problem.