+ Reply to Thread
Results 1 to 2 of 2
  1. Senior Member flipmad's Avatar
    Join Date
    Jan 2008
    Posts
    186
    #1

    Default NAT 2xInterfaces in ASA 8.3

    I am having a problems NATTING a second interface on 8.3 ASA

    My 1st Interface:

    nterface Ethernet0/0
    nameif LAN1
    security-level 0
    ip address 10.10.10.1 255.255.255.0

    interface Ethernet0/1
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.224

    object network ENTIRELAN
    subnet 0.0.0.0 0.0.0.0

    object network ENTIRELAN
    nat (LAN1,outside) dynamic x.x.x.x <----Public IP within the /27 subnet

    This works JUST fine. I am think that the object network 0.0.0.0 is what is causing my second NAT not to work


    2nd Interface:

    interface Ethernet0/2
    nameif LAN2
    security-level 0
    ip address 10.10.20.1 255.255.255.0

    object network LAN2EXT
    host x.x.x.x <-----This is an additional Public IP in the subnet

    object network Lan2
    subnet 10.10.20.0 255.255.255.0
    nat (LAN2,outside) source dynamic Lan2 LAN2EXT

    But then I get an overlap message.

    So I tried to just create a static NAT for the second Interface:

    Changed
    object network Lan2
    host 10.10.20.100
    nat (LAN2,outside) source static Lan2 LAN2EXT

    And tried to ping out from .100 and I am not getting any translate hits

    Manual NAT Policies (Section 1)
    1 (LAN2) to (outside) source static Lan2 LAN2EXT
    translate_hits = 0, untranslate_hits = 25

    Auto NAT Policies (Section 2)
    1 (LAN1) to (outside) source dynamic internal x.x.x.x
    translate_hits = 108264, untranslate_hits = 5432
    Reply With Quote Quote  

  2. Senior Member flipmad's Avatar
    Join Date
    Jan 2008
    Posts
    186
    #2
    Everyone disregard, I figured this out. I killed the static NAT, made a dynamic interface NAT and added some security levels on the interfaces.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks