cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
269
Views
2
Helpful
5
Replies

How to selectively NAT through ASA in GNS3

Thien are Margo
Level 1
Level 1

Hi, my name is Thien.

My case is that I have configuration static NAT on the ASA allowing address 3.0.0.2 (f0/0- R2) to through the ASA (g0/3 4.0.0.254)


object network OUT_REAL
host 3.0.0.2
object network DMZ
host 4.0.0.10
nat (outside,DMZ) source static OUT_REAL DMZ


object network OUT_REAL
host 3.0.0.2
object network INSIDE
host 8.0.0.10
nat (outside,inside) source static OUT_REAL INSIDE

 

object network DMZ_REAL
host 4.0.0.1
object network OUT
host 3.0.0.10
nat (DMZ,outside) source static DMZ_REAL OUT


object network INSIDE_REAL
host 8.0.0.1
object network OUT
host 3.0.0.10
nat (inside,outside) source static INSIDE_REAL OUT

ThienareMargo_1-1715778028067.png

The problem started when I ping from an address other than 4.0.0.1 (from R4 have ip add 5.0.0.4 or another ip add not from R2).

I solved this problem by NATing at R2 :

ena
conf t
ip nat inside source static 5.0.0.4 3.0.0.2
int f0/0
ip nat outside
int s3/0
ip nat inside                 ---------------------> it's successfully

 I solved this problem by NAT at R2    --- If so, Asa can recognize this address to block it if this address is not on the allowed list access ? Because any address from router R4 has an output of R2 ? How can I help Asa recognize unwanted ip add ? 

1 Accepted Solution
5 Replies 5

Can you more elaborate 

MHM

I want use PAT for STATIC NAT but i can 

MHM

Thank you.

My wish is not use port forwarding 1:1, it is NAT overload but i can assigning range the incoming ip will become an range output ip like static NAT