05-15-2024 06:13 AM - edited 05-15-2024 06:14 AM
Hi, my name is Thien.
My case is that I have configuration static NAT on the ASA allowing address 3.0.0.2 (f0/0- R2) to through the ASA (g0/3 4.0.0.254)
object network OUT_REAL
host 3.0.0.2
object network DMZ
host 4.0.0.10
nat (outside,DMZ) source static OUT_REAL DMZ
object network OUT_REAL
host 3.0.0.2
object network INSIDE
host 8.0.0.10
nat (outside,inside) source static OUT_REAL INSIDE
object network DMZ_REAL
host 4.0.0.1
object network OUT
host 3.0.0.10
nat (DMZ,outside) source static DMZ_REAL OUT
object network INSIDE_REAL
host 8.0.0.1
object network OUT
host 3.0.0.10
nat (inside,outside) source static INSIDE_REAL OUT
The problem started when I ping from an address other than 4.0.0.1 (from R4 have ip add 5.0.0.4 or another ip add not from R2).
I solved this problem by NATing at R2 :
ena
conf t
ip nat inside source static 5.0.0.4 3.0.0.2
int f0/0
ip nat outside
int s3/0
ip nat inside ---------------------> it's successfully
I solved this problem by NAT at R2 --- If so, Asa can recognize this address to block it if this address is not on the allowed list access ? Because any address from router R4 has an output of R2 ? How can I help Asa recognize unwanted ip add ?
Solved! Go to Solution.
05-19-2024 01:58 AM
check the config example :
05-18-2024 08:12 AM
Can you more elaborate
MHM
05-18-2024 08:07 PM
I want use PAT for STATIC NAT but i can
05-19-2024 02:06 AM - edited 05-19-2024 06:04 AM
MHM
05-19-2024 06:03 AM - edited 05-19-2024 06:19 AM
Thank you.
My wish is not use port forwarding 1:1, it is NAT overload but i can assigning range the incoming ip will become an range output ip like static NAT
05-19-2024 01:58 AM
check the config example :
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide