I am learning how to configure an ASA 5500. I am having a problem with NAT.
It is my understanding that traffic will pass from a more secure interface to a less secure interface by default. I wanted hosts on the Inside interface to be able to ping hosts on both the Dmz and the Outside interfaces. The security levels are: Inside 100 Outside 0 Dmz 50
I added ICMP to the Class inspection_default
nat by default was:
global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0
I added nat (dmz) 1 0.0.0.0 0.0.0.0
I can ping hosts on the Outside interface from the Dmz. I cannot ping hosts on the Outside interface.
Looks like, with my dim understanding of this, I missed something.
I would appreciate any suggestions.
Thanks