
I'm setting up my first Cisco firewalls. A little information first: I have two ASA 5510s set up in a working active/standby pair.

From my ISP I have two public subnets: a /29 and a /26. On my DMZ interface I have the /26 configured. On my WAN interface I have configured the /29 IPs. My ISP routes the /26 via the /29 primary IP.

I'm running ASA 8.2.

I've turned nat-control off, because I don't want to use NAT for anything other than some internal interfaces. In essence, I don't want to use NAT unless I specify it.

I have an internal interface with the network 192.168.100.0/24. I've tried setting up NAT like this:

nat (inside) 1 192.168.100.0 255.255.255.0
global (WAN) 1 interface

I was under the impression that this would let connections going from 192.168.100.0/24 out the WAN interface be port-address-translated. I'm not getting this to work for some reason.

The inside interface has a security level of 100, and WAN has a security level of 0.

  • Yeah, that should work, as long as the traffic doesn't match another NAT rule and passes any ACLs that are applicable on those interfaces. Can you provide the output from a `packet-tracer` command simulating the traffic? Something like `packet-tracer input inside tcp 192.168.100.50 1024 173.194.64.147 80` should give some good indication on where the issue is. – Shane Madden Nov 16 '11 at 18:43
  • I figured it out. I didn't think I needed to add access rules on WAN_IN because of the lower security level, but apparently I did. – LonelyLonelyNetworkN00b Nov 17 '11 at 16:33
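Putting the pieces from the question and the comments together as one minimal ASA 8.2 configuration (an added example, not the poster's own config): the interface names inside and WAN, the ACL name WAN_IN, the inside subnet and the packet-tracer command come from the post; the physical interface names, the inside gateway address, the WAN address placeholder and the WAN_IN entries are assumptions.

```cisco
! Interfaces as described in the question: inside is trusted (100), WAN is untrusted (0).
! Ethernet0/0, Ethernet0/1 and the inside gateway address are assumed, not from the post.
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address <WAN-primary-ip-from-the-/29> <mask>
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
! With nat-control disabled, traffic that matches no nat rule is forwarded untranslated;
! NAT only happens where a nat/global pair is configured, as the poster wants.
no nat-control
!
! PAT: anything from 192.168.100.0/24 that egresses via WAN is translated to the
! WAN interface address. The id (1) ties the nat statement to the global statement.
nat (inside) 1 192.168.100.0 255.255.255.0
global (WAN) 1 interface
!
! Inbound ACL on WAN. Once an access-group is applied, only what the ACL permits is
! accepted from the WAN side. The permit line below is a placeholder for the rules the
! poster added; the explicit deny-with-log makes blocked traffic visible in syslog,
! which is what you want while troubleshooting and for ongoing monitoring.
access-list WAN_IN extended permit <proto> any host <public-ip> eq <port>
access-list WAN_IN extended deny ip any any log
access-group WAN_IN in interface WAN
!
! Verification step suggested in the first comment: simulates an inside host opening a
! web connection outbound and prints each phase (ACL, NAT, route) with ALLOW or DROP.
packet-tracer input inside tcp 192.168.100.50 1024 173.194.64.147 80
```

No ACL is applied to the inside interface on purpose: with no access-group there, the 100-to-0 default permits the outbound flow, and the return traffic is matched by the state table rather than by WAN_IN.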
