NAT (outside,inside) question

Vlad Olteanu — Wed, 13 Mar 2019 01:08:01 GMT

Hi All,

I have to NAT my internet router (191.120.250.61) to an internal IP (10.102.40.5) on my Cisco ASA 5510 (8.4(7)), I have to monitor the router with an internal application.

I made the following configuration, but it doesn't work...

object network Internet_router

host 191.120.250.61

object network Internet_router

nat (outside,inside) static 10.102.40.5

access-list from_outside extended permit ip host 191.120.250.61 any
access-list from_inside extended permit ip any host 191.120.250.61

same-security-traffic permit intra-interface

Router------------------------[ASA]--------------------------Server (monitor)

191.120.250.61 10.102.40.100

What did I wrong?

Thank you

Create the object for your

Collin Clark — Tue, 24 Feb 2015 13:14:33 GMT

Create the object for your inside host

object network 10.102.40.5
host 10.102.40.5

Then NAT your external IP to it

nat (inside,outside) static interface

Your ACL should permit access to the real IP not the mapped IP.

access-list from_outside extended permit ip any host 10.102.40.100

Note that if you NAT your routers public IP to an internal IP you will lose all connectivity to the routers outside IP. It would be better to NAT just the ports you need.

object network 10.102.40.100
nat (inside,outside) static interface service udp 161 161

topic Create the object for your in Network Security

NAT (outside,inside) question

Create the object for your