Re: ASA Nat problem from Alexei Monastyrnyi on 2011-09-21 (Ccielab archives 09/2011)

From: Alexei Monastyrnyi <alexeim73_at_gmail.com>
Date: Thu, 22 Sep 2011 12:28:24 +1000

seems like nonat is missing for dmz2....

On 22 September 2011 11:42, Christopher Copley <copley.chris_at_gmail.com>wrote:

> Thanks, I will try that. I knew I had to be missing some thing stupid.
>
> Chris
>
> On Wed, Sep 21, 2011 at 9:40 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
> > Yup, that should do it.****
> >
> > ** **
> >
> > -ryan****
> >
> > ** **
> >
> > *From:* Christopher Copley [mailto:copley.chris_at_gmail.com]
> > *Sent:* Wednesday, September 21, 2011 9:39 PM
> > *To:* Ryan West
> > *Cc:* ccielab_at_groupstudy.com
> >
> > *Subject:* Re: ASA Nat problem****
> >
> > ** **
> >
> > I bet I am missing this...****
> >
> > ** **
> >
> > nat (DMZ2) 0 access-list NO-NAT****
> >
> > ** **
> >
> > Is that it?****
> >
> > ** **
> >
> > On Wed, Sep 21, 2011 at 9:35 PM, Ryan West <rwest_at_zyedge.com> wrote:****
> >
> > On Wed, Sep 21, 2011 at 21:10:55, Christopher Copley wrote:
> > > Subject: ASA Nat problem****
> >
> > > global (OUTSIDE) 1 interface
> > > nat (DMZ1) 0 access-list NO-NAT****
> >
> > Think about what you might be missing here.****
> >
> >
> > > nat (DMZ1) 1 0.0.0.0 0.0.0.0
> > > nat (DMZ2) 1 0.0.0.0 0.0.0.0
> > >
> > >
> > > access-list VPNSITE1 extended permit ip object-group DMZ1-NET object-
> > > group
> > > VPN-SITE1
> > > access-list VPNSITE2 extended permit ip object-group DMZ2-NET object-
> > > group
> > > VPN-SITE2
> > >
> > > access-list NO-NAT extended permit ip object-group DMZ1-NET
> > > object-group
> > > VPN-SITE1
> > > access-list NO-NAT extended permit ip object-group DMZ2-NET
> > > object-group
> > > VPN-SITE2
> > >****
> >
> > -ryan****
> >
> >
> >
> > ****
> >
> > ** **
> >
> > --
> > Christopher D. Copley****
> >
> > copley.chris_at_gmail.com****
> >
> > ** **
> >
> > ** **
> >
>
>
>
> --
> Christopher D. Copley
> copley.chris_at_gmail.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Sep 22 2011 - 12:28:24 ART

This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART