Hi,

Well, I am not really a security expert; however, I will express my basic
knowledge.

1) For inside networks to be able to go to the internet, they must have a
public presence, thus nat (inside) and global (outside) statements are needed
(2 statements).

2) If security levels are assigned to the interfaces, which usually happens
(inside-->100, outside-->0, DMZ-->50), outside users cannot ping the inside.
For this to happen, you might need to add an ACL (incoming direction on the
outside interface) as well as a static nat if a ping for a published web
server is needed, for example (access-list statement, access-group to apply
the ACL, as well as a static nat if needed).

Thus the statements will be as follows:

nat (inside) 1
global (outside) 1
access-list 100 permit...
access-group 100 in interface outside
static (inside,outside) or static (dmz,outside)

Best Regards,

On Mon, Apr 19, 2010 at 12:04 AM, jockey wearer <jockeywearer_at_gmail.com> wrote:
> Hi all,
>
> I have configured a Cisco ASA firewall which is connected to inside and
> outside networks. The inside and outside networks have 3 networks
> internally. I am using the RIP protocol for reachability.
> On my firewall nat-control is enabled, and I need to allow the inside
> network to access the outside network and the outside to access the
> inside network.
> I want to put minimal configuration on the firewall.
> In fact, I have a bet with my friend to succeed with ICMP from both sides
> of the network (inside and outside) by using only two command statements
> on the firewall (without disabling nat-control).
> Is it possible, and which way is a good one? I am a little bit confused.
> I think it is not possible in two commands???
>
> Thanks
> Prashant
> CISSP
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
KJ

Blogs and organic groups at http://www.ccie.net

Received on Mon Apr 19 2010 - 00:23:47 ART
This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART
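
The statements sketched in the reply above, filled in as an added example that is not part of the original thread. It assumes pre-8.3 ASA syntax with nat-control enabled; the inside host 10.1.1.10 and the published address 203.0.113.10 are constructed placeholders.

```cisco
! Constructed example: all addresses are placeholders, not values from the thread.

! Inside -> outside: translate every inside source to the outside interface address (PAT).
! With nat-control enabled, inside hosts without a matching translation rule are dropped.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! Outside -> inside: publish a single inside host on a public address.
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! Traffic from security level 0 to level 100 needs an explicit permit.
! Pre-8.3 ACLs match the translated (public) address, and only echo is allowed in.
access-list 100 extended permit icmp any host 203.0.113.10 echo

! ICMP is not inspected by default, so replies to pings started from the inside
! must also be permitted on the outside interface.
access-list 100 extended permit icmp any any echo-reply

access-group 100 in interface outside
```

Scoping the ACL to the published host and to the echo and echo-reply types keeps the rest of the inside network unreachable from the outside interface.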