Kishwaukee
asked on
Cisco ASA 5520 seems to be bypassing PAT statement
I am in the process of converting our ASA 5520 from 7.2 to 8.3.2 and everything has worked except for my PAT from inside to DMZ.
In 7.2 we had:
global (dmz) 1 192.168.0.10
In 8.3.2 I converted it to:
object network dmz_net
 subnet 0.0.0.0 0.0.0.0
 nat (inside,dmz) dynamic 192.168.0.10
From what I understand, that should be the same as before, but when I test this config the PAT is just bypassed and my real IPs are hitting the DMZ. Granted, I know that by design the ASA is working as it should by pushing the real IPs, but the DMZ servers all have an internal network address, which is causing a loop. So I need this PAT "bandaid" to work so I can slowly change to allow my real IPs. Any help would be great so I can try to figure out this problem.
Can you provide your full config?
ASKER
What part do you want to look at? I would rather not post the whole config; it is very long.
ASKER
I resolved it myself; well, it resolved itself on its own.