RE: ASA Nat problem from Ryan West on 2011-09-21 (Ccielab archives 09/2011)

From: Ryan West <rwest_at_zyedge.com>
Date: Thu, 22 Sep 2011 01:40:43 +0000

Yup, that should do it.

-ryan

From: Christopher Copley [mailto:copley.chris_at_gmail.com]
Sent: Wednesday, September 21, 2011 9:39 PM
To: Ryan West
Cc: ccielab_at_groupstudy.com
Subject: Re: ASA Nat problem

I bet I am missing this...

nat (DMZ2) 0 access-list NO-NAT

Is that it?

On Wed, Sep 21, 2011 at 9:35 PM, Ryan West
<rwest_at_zyedge.com<mailto:rwest_at_zyedge.com>> wrote:
On Wed, Sep 21, 2011 at 21:10:55, Christopher Copley wrote:
> Subject: ASA Nat problem
> global (OUTSIDE) 1 interface
> nat (DMZ1) 0 access-list NO-NAT
Think about what you might be missing here.

> nat (DMZ1) 1 0.0.0.0 0.0.0.0
> nat (DMZ2) 1 0.0.0.0 0.0.0.0
>
>
> access-list VPNSITE1 extended permit ip object-group DMZ1-NET object-
> group
> VPN-SITE1
> access-list VPNSITE2 extended permit ip object-group DMZ2-NET object-
> group
> VPN-SITE2
>
> access-list NO-NAT extended permit ip object-group DMZ1-NET
> object-group
> VPN-SITE1
> access-list NO-NAT extended permit ip object-group DMZ2-NET
> object-group
> VPN-SITE2
>
-ryan

--
Christopher D. Copley
copley.chris_at_gmail.com<mailto:copley.chris_at_gmail.com>
Blogs and organic groups at http://www.ccie.net

Received on Thu Sep 22 2011 - 01:40:43 ART

This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART