NAT 2xInterfaces in ASA 8.3
I am having problems NATting a second interface on an 8.3 ASA.
My 1st Interface:
interface Ethernet0/0
nameif LAN1
security-level 0
ip address 10.10.10.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.224
object network ENTIRELAN
subnet 0.0.0.0 0.0.0.0
object network ENTIRELAN
nat (LAN1,outside) dynamic x.x.x.x <----Public IP within the /27 subnet
This works JUST fine. I am thinking that the object network 0.0.0.0 is what is causing my second NAT not to work.
2nd Interface:
interface Ethernet0/2
nameif LAN2
security-level 0
ip address 10.10.20.1 255.255.255.0
object network LAN2EXT
host x.x.x.x <---- This is an additional Public IP in the subnet
object network Lan2
subnet 10.10.20.0 255.255.255.0
nat (LAN2,outside) source dynamic Lan2 LAN2EXT
But then I get an overlap message.
So I tried to just create a static NAT for the second Interface:
Changed
object network Lan2
host 10.10.20.100
nat (LAN2,outside) source static Lan2 LAN2EXT
And tried to ping out from .100 and I am not getting any translate hits
Manual NAT Policies (Section 1)
1 (LAN2) to (outside) source static Lan2 LAN2EXT
translate_hits = 0, untranslate_hits = 25
Auto NAT Policies (Section 2)
1 (LAN1) to (outside) source dynamic internal x.x.x.x
translate_hits = 108264, untranslate_hits = 5432
Comments
flipmad: Everyone disregard, I figured this out. I killed the static NAT, made a dynamic interface NAT and added some security levels on the interfaces.
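
An added example, not part of the original thread: a Python parser for `show nat` output like the one quoted in the question, flagging rules whose translate_hits is 0 while untranslate_hits is non-zero, which is the pattern the static LAN2 rule shows. The sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the "show nat" output quoted in the question.
SAMPLE = """\
Manual NAT Policies (Section 1)
1 (LAN2) to (outside) source static Lan2 LAN2EXT
    translate_hits = 0, untranslate_hits = 25
Auto NAT Policies (Section 2)
1 (LAN1) to (outside) source dynamic internal x.x.x.x
    translate_hits = 108264, untranslate_hits = 5432
"""

SECTION = re.compile(r"^(Manual|Auto) NAT Policies \(Section (\d+)\)")
RULE = re.compile(r"^(\d+) \((\S+)\) to \((\S+)\) source (static|dynamic) (.+)$")
HITS = re.compile(r"translate_hits = (\d+), untranslate_hits = (\d+)")

def parse_show_nat(text):
    """Return one dict per NAT rule with its section, interfaces and hit counters."""
    rules, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = int(m.group(2))
        elif m := RULE.match(line):
            current = {
                "section": section,
                "index": int(m.group(1)),
                "real_if": m.group(2),
                "mapped_if": m.group(3),
                "type": m.group(4),
                "objects": m.group(5).split(),
            }
            rules.append(current)
        elif (m := HITS.search(line)) and current is not None:
            current["translate_hits"] = int(m.group(1))
            current["untranslate_hits"] = int(m.group(2))
    return rules

def one_way_rules(rules):
    """Rules that matched traffic toward the mapped address but never an outbound flow."""
    return [r for r in rules
            if r.get("translate_hits") == 0 and r.get("untranslate_hits", 0) > 0]

if __name__ == "__main__":
    for r in one_way_rules(parse_show_nat(SAMPLE)):
        print(f"Section {r['section']} rule {r['index']} "
              f"({r['real_if']} -> {r['mapped_if']}): no outbound translations")
```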