01-12-2016 08:35 PM - edited 03-12-2019 12:08 AM
Hello experts, a question on 9.x NAT. ASA sample configuration below.
!
interface Ethernet0/0
nameif OUTSIDE
security-level 0
ip address 1.1.1.10 255.255.255.0
!
interface Ethernet0/1
nameif INSIDE
security-level 100
ip address 192.168.100.10 255.255.255.0
!
object network TEST1
host 192.168.3.5
nat (INSIDE,OUTSIDE) static 1.1.1.15
object network TEST2
subnet 192.168.3.96 255.255.255.248
nat (INSIDE,OUTSIDE) dynamic 1.1.1.15
object network TEST3
subnet 0 0
nat (INSIDE,OUTSIDE) dynamic 1.1.1.20
!
access-list OUT2IN extended permit tcp object XYZ host 192.168.3.5 eq 22
!
Proper routing is in place and the access group is applied to the Outside interface.
The question is: with the above config, can XYZ members access .3.5 via 22 while, at the same time, 1.1.1.15 is used to static NAT .3.5 and PAT .97-.102 to the internet?
Please suggest.
Thanks in advance
MS
01-12-2016 11:01 PM
Yes, this should work, assuming that correct routing is in place.
01-12-2016 11:16 PM
Hi,
Please mention the tcp service command in the static NAT statement if you want to allow a specific port for a static NAT.
As Mohammed al Baqari said, this looks correct. You can verify by running packet tracer on the ASA.
object network TEST1
host 192.168.3.5
nat (INSIDE,OUTSIDE) static 1.1.1.15 service tcp 22 22
Thanks,
Shivapramod M
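How the three object NAT rules from the question are ordered and matched, as an added Python sketch (not from any poster and not ASA code). It assumes the documented auto NAT ordering (static rules before dynamic, then fewest real addresses first); the function names are hypothetical.

```python
import ipaddress

# Object NAT rules copied from the posted config: (object, real, type, mapped).
RULES = [
    ("TEST1", "192.168.3.5/32", "static", "1.1.1.15"),
    ("TEST2", "192.168.3.96/29", "dynamic", "1.1.1.15"),
    ("TEST3", "0.0.0.0/0", "dynamic", "1.1.1.20"),
]

def ordered(rules):
    """Assumed auto NAT order: static first, then fewest real addresses,
    then lowest real address, then object name."""
    def key(rule):
        name, real, kind, _ = rule
        net = ipaddress.ip_network(real)
        return (0 if kind == "static" else 1, net.num_addresses,
                int(net.network_address), name)
    return sorted(rules, key=key)

def translate_outbound(src, rules=RULES):
    """Return (object, type, mapped) of the first rule matching an inside source."""
    ip = ipaddress.ip_address(src)
    for name, real, kind, mapped in ordered(rules):
        if ip in ipaddress.ip_network(real):
            return name, kind, mapped
    return None

def untranslate_inbound(dst, rules=RULES):
    """New inbound connection: only a static host rule maps the public address
    back to a real one; dynamic PAT needs an existing translation."""
    for _, real, kind, mapped in ordered(rules):
        net = ipaddress.ip_network(real)
        if kind == "static" and net.num_addresses == 1 and dst == mapped:
            return str(net.network_address)
    return None

if __name__ == "__main__":
    for src in ("192.168.3.5", "192.168.3.97", "192.168.3.104"):
        print(src, "->", translate_outbound(src))
    # The real address returned here is what the OUT2IN entry matches on.
    print("1.1.1.15 ->", untranslate_inbound("1.1.1.15"))
```

On 8.3 and later the interface ACL is checked against the real address, which is why OUT2IN names 192.168.3.5 rather than 1.1.1.15.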