Cisco 5500 firewall - NAT question

I have an ASA 5500 with a LAN that needs net access. I have one class C 192.168.12.0/24 and I have an interface off the

firewall going to the LAN and another interface going to the internet.

I've been trying to figure out how to get NAT to work to let connections out to the internet with no success. Below is my

config.

Any help would be greatly appreciated.

Thanks,

Adam

__SNIP__

Version 7.0(7)
!
hostname asa1
domain-name test.net
enable password **
names
dns-guard
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.12.14 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside
security-level 100
ip address 66.18.**.* 255.255.255.252
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd *****
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 66.18.**.* 1
timeout xlate 3:00:00
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.3 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:ea03a9cad5e01af4c07cba3b3ad4ba12
: end

__SNIP__

Same security level interfaces will never talk to each other. You also need a global statement defining how you want the inside hosts to appear.

I have an ASA 5500 with a LAN that needs net access. I have one class C 192.168.12.0/24 and I have an interface off the

firewall going to the LAN and another interface going to the internet.

I've been trying to figure out how to get NAT to work to let connections out to the internet with no success. Below is my

config.

Any help would be greatly appreciated.

Thanks,

Adam

__SNIP__

Version 7.0(7)
!
hostname asa1
domain-name test.net
enable password **
names
dns-guard
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.12.14 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside
security-level 100
ip address 66.18.**.* 255.255.255.252
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd *****
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 66.18.**.* 1
timeout xlate 3:00:00
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.3 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:ea03a9cad5e01af4c07cba3b3ad4ba12
: end

__SNIP__

Try the following:

Change the security level on the outside interface to something less than 100, ideally 0.

To complete your NAT configuration use:

global (outside) 1 interface