
Cisco ASA 5520 seems to be bypassing PAT statement

I am in the process of converting our ASA 5520 from 7.2 to 8.3.2 and everything has worked except for my PAT from inside to DMZ.  

In 7.2 we had:
global (dmz) 1 192.168.0.10

In 8.3.2 I converted it to:
object network dmz_net
   subnet 0.0.0.0 0.0.0.0
   nat (inside,dmz) dynamic 192.168.0.10


From what I understand that should be the same as before, but when I test this config the PAT is just bypassed and my real IPs are hitting the DMZ. Granted, I know that by design the ASA is working as it should but pushing the real IPs, but the DMZ servers all have an internal network address, which is causing a loop. So I need this PAT "bandaid" to work so I can slowly change to allow my real IPs. Any help would be great so I can try to figure out this problem.
Asked by: Kishwaukee

asavener Commented:
Can you provide your full config?

Kishwaukee (Author) Commented:
What part do you want to look at? I would rather not post the whole config; it is very long.

Kishwaukee (Author) Commented:
The issue resolved itself with time. Not sure why it took a day for the stuff to work, but it is now working.

Kishwaukee (Author) Commented:
I resolved it myself; well, it resolved itself on its own.

Question has a verified solution.
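
The 7.2-to-8.3 conversion described in the question, generalised as an added example (not code from the thread or from Cisco): it pairs legacy `nat`/`global` lines by NAT ID, emits the 8.3 object NAT form, and flags anything left unpaired. The `nat (inside) 1 0.0.0.0 0.0.0.0` line and the generated object names are assumptions; only the `global (dmz)` line comes from the post.

```python
import re

# Constructed 7.2-style input. Only the `global (dmz)` line is from the post;
# the `nat (inside)` line is an assumed counterpart sharing NAT ID 1.
LEGACY = """\
nat (inside) 1 0.0.0.0 0.0.0.0
global (dmz) 1 192.168.0.10
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")

def convert(legacy):
    """Pair 7.2 nat/global lines by NAT ID; return (8.3 lines, warnings).

    Converts single-address and `interface` PAT only. Address ranges,
    policy NAT and nat 0 are reported instead of guessed at.
    """
    nats, globals_, out, warnings, used = [], [], [], [], set()
    for line in map(str.strip, legacy.splitlines()):
        if m := NAT_RE.match(line):
            if m[2] == "0" or m[3] == "access-list":
                warnings.append(f"not converted (nat 0 / policy NAT): {line}")
            else:
                nats.append(m.groups())
        elif m := GLOBAL_RE.match(line):
            if "-" in m[3]:
                warnings.append(f"not converted (address range): {line}")
            else:
                globals_.append(m.groups())
    for real_if, nat_id, net, mask in nats:
        pairs = [g for g in globals_ if g[1] == nat_id and g[0] != real_if]
        if not pairs:
            warnings.append(f"nat id {nat_id} on {real_if} has no matching global")
        addr = f" host {net}" if mask == "255.255.255.255" else f" subnet {net} {mask}"
        for mapped_if, _, mapped in pairs:
            used.add((mapped_if, nat_id))
            # 8.3 allows one nat statement per network object, so every
            # emitted rule gets its own object (names are hypothetical).
            out += [f"object network obj{len(out) // 3 + 1}_{real_if}_{mapped_if}",
                    addr, f" nat ({real_if},{mapped_if}) dynamic {mapped}"]
    for mapped_if, nat_id, _ in globals_:
        if (mapped_if, nat_id) not in used:
            warnings.append(f"global id {nat_id} on {mapped_if} has no matching nat")
    return out, warnings

if __name__ == "__main__":
    lines, notes = convert(LEGACY)
    print("\n".join(lines + [f"! WARNING: {w}" for w in notes]))
```

A warning-free run on the sample input reproduces the three-line object NAT form shown in the question, apart from the object name.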
