topic ASA Nat help required in Network Security

ASA Nat help required

subhojithalder198 — Tue, 12 Mar 2019 02:20:44 GMT

Hi,

We have Internet router having public IP pool(144.xxxx Series) They are connected to ASA firewall , from ASA, it was Outside

Our requirement is we need to access that router from Inside Interface with some Private IP Pool.(10.xx.xx), One of the server hosted in DMZ location will fetch the config of the router,

Do static nat in asa 10.xxx --- to 144.xxx will help me in that case along with access list(port no 22) as config will be fetched over ssh protocol.

How to do the routing in that case.

thanks, subhojit

ASA Nat help required

subhojithalder198 — Fri, 02 Aug 2013 14:35:29 GMT

Hi,

Small addition, we like to do the Nat smothing like that Outside to Inside, Normally, we do inside to outside

Br/Subhojit

Re: ASA Nat help required

turbo_engine26 — Fri, 02 Aug 2013 15:52:06 GMT

Hi,

I am not sure if i got it right from you. Correct me if i am wrong.

You have an internet router that is connected to ASA's outside interface and you want to manage this router from an inside network, let's say, 10.1.1.0/24 using SSH. However, i didn't get the DMZ and server part.

If this is the case, try this:

static (outside,inside) 10.1.1.10 144.xxx.xxx.xxx netmask 255.255.255.255

You do not need an ACL applied to the inside interface to allow SSH traffic to it because by default, traffic is allowed from higher security interface to a lower security interface.

However, i wonder why you want to apply this scenario. Why wouldn't you simply connect the router's mgmt interface to a dedicated management subnet?

Regards,