
Cisco ASA Dynamic NAT With DMZ

The document discusses configuring dynamic NAT on a Cisco ASA firewall with three interfaces: inside, outside, and DMZ. NAT rules are defined for traffic from the inside to outside, inside to DMZ, and DMZ to outside. The interfaces are configured and object networks are created for the NAT address pools.

Cisco ASA Dynamic NAT with DMZ

In a previous lesson I explained how to configure dynamic NAT from the inside to the outside. In
this lesson we add a DMZ and some more NAT translations. Here's the topology that we will
use:

In this example we have our INSIDE, OUTSIDE and DMZ interfaces. The security levels of
these interfaces are:

INSIDE: 100

OUTSIDE: 0

DMZ: 50

We can go from a high security level to a low security level so this means that hosts from the
INSIDE can reach the DMZ and OUTSIDE. Hosts from the DMZ will also be able to reach the
OUTSIDE. We will configure NAT for the following traffic patterns:

Traffic from hosts on the INSIDE to the OUTSIDE, we'll use a public pool for this.

Traffic from hosts on the INSIDE to the DMZ, we'll use a DMZ pool for this.

Traffic from hosts on the DMZ to the OUTSIDE, we'll use the same public pool for this.

Here's what a visualization of these NAT rules looks like:

Let's start by configuring the interfaces:


ASA1(config)# interface e0/0
ASA1(config-if)# nameif INSIDE
ASA1(config-if)# ip address 192.168.1.254 255.255.255.0
ASA1(config-if)# no shutdown
ASA1(config)# interface e0/1
ASA1(config-if)# nameif OUTSIDE
ASA1(config-if)# ip address 192.168.2.254 255.255.255.0
ASA1(config-if)# no shutdown
ASA1(config)# int e0/2
ASA1(config-if)# nameif DMZ
ASA1(config-if)# security-level 50
ASA1(config-if)# ip address 192.168.3.254 255.255.255.0
ASA1(config-if)# no shutdown

The INSIDE and OUTSIDE security levels have a default value; I configured the DMZ to 50
myself. Now let's look at the dynamic NAT configuration.

Dynamic NAT with three Interfaces


First we will create the pools:
ASA1(config)# object network PUBLIC_POOL
ASA1(config-network-object)# range 192.168.2.100 192.168.2.200
ASA1(config)# object network DMZ_POOL
ASA1(config-network-object)# range 192.168.3.100 192.168.3.100

I will use a range of IP addresses from the subnet that is configured on the OUTSIDE and DMZ
interface. Now we can create some network objects for the NAT translations:
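
Before adding NAT rules that reference the pools, it helps to confirm that each range really sits inside the subnet of the intended interface, does not contain the interface's own address, and is large enough. The following is an added example, not part of the original lesson: the function names `parse` and `audit` are hypothetical, and the configuration text is a constructed sample built from the commands shown above.

```python
import ipaddress

# Constructed sample: this lesson's OUTSIDE/DMZ interface and pool commands.
CONFIG = """\
interface e0/1
 nameif OUTSIDE
 ip address 192.168.2.254 255.255.255.0
interface e0/2
 nameif DMZ
 security-level 50
 ip address 192.168.3.254 255.255.255.0
object network PUBLIC_POOL
 range 192.168.2.100 192.168.2.200
object network DMZ_POOL
 range 192.168.3.100 192.168.3.100
"""

def parse(config):
    """Return ({nameif: IPv4Interface}, {object name: (first, last)})."""
    interfaces, pools, name = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["nameif"]:
            name = words[1]
        elif words[:2] == ["ip", "address"]:
            interfaces[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:2] == ["object", "network"]:
            name = words[2]
        elif words[:1] == ["range"]:
            pools[name] = tuple(map(ipaddress.ip_address, words[1:3]))
    return interfaces, pools

def audit(config):
    """Per pool: owning interface, number of addresses, and warnings."""
    interfaces, pools = parse(config)
    report = {}
    for pool, (first, last) in pools.items():
        size = int(last) - int(first) + 1
        owner = next((n for n, i in interfaces.items()
                      if first in i.network and last in i.network), None)
        warnings = []
        if owner is None:
            warnings.append("not inside any interface subnet")
        elif first <= interfaces[owner].ip <= last:
            warnings.append("contains the interface address")
        if size == 1:
            warnings.append("single address: one translated host at a time")
        report[pool] = {"interface": owner, "size": size, "warnings": warnings}
    return report
```

Calling `audit(CONFIG)` reports PUBLIC_POOL as 101 addresses on OUTSIDE with no warnings, and flags DMZ_POOL as a one-address range, which with dynamic NAT can hold a translation for only one host at a time.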
