ASA & NAT Out of the box

NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
A brand new ASA with an up to date image comes out of the box with these statements for nat

Nat(inside) 1 0.0.0.0 0.0.0.0

In the ASDM it reads Dynamic NAT, source=any destination=any, translated interface=outside, address=outside.

So will this automatically NAT anything you configure on the inside vlan?

I ask because I am having HELL with getting an ASA to work over a bridged DSL connection.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!

Comments

  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    The default is to PAT all inside with the IP of the outside interface. So your global should be something like global (outside) 1 interface . If you are using DHCP for the outside interface to accept the bridged IP make sure you used the setroute addition to the IP command to let it get the Default gateway from the DSL box also e.g. IP ADDRESS DHCP SETROUTE under the interface/vlan interface you are using on the outside.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    Hey thanks for the tips. Each of the DSL sites that are going live were given a single static IP address. I put that IP address on the outside VLAN. I think the reason I have experienced difficulty is because various service providers use a different DSL modem.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    I know, DSL is a pain in the ass compared to using cable for this type of thing. Each vendor handles bridging a different way. The last one I set on monday basically didn't use bridging if you wanted to keep the PPOE info. on the modem (Which I prefer so that if we change ISPs I don't have to reconfigure the firewall) you assigned the Static IPs as it's DHCP scope, the one I did previously was a standard bridge config. where you configured the ASA as a DHCP client and then set it to directly bridge the IP to it.
    Fun fun fun.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.