08-02-2013 06:57 AM - edited 03-11-2019 07:20 PM
Hi,
We have an Internet router with a public IP pool (144.xxxx series). They are connected to the ASA firewall; from the ASA, it is on the Outside.
Our requirement is that we need to access that router from the Inside interface with some private IP pool (10.xx.xx). One of the servers hosted in the DMZ location will fetch the config of the router.
Will doing static NAT on the ASA, 10.xxx --- to 144.xxx, help me in that case, along with an access list (port no. 22), as the config will be fetched over the SSH protocol?
How do I do the routing in that case?
thanks, subhojit
08-02-2013 07:35 AM
Hi,
Small addition: we would like to do the NAT something like that, Outside to Inside. Normally, we do Inside to Outside.
Br/Subhojit
08-02-2013 08:52 AM
Hi,
I am not sure if I got it right from you. Correct me if I am wrong.
You have an internet router that is connected to the ASA's outside interface and you want to manage this router from an inside network, let's say, 10.1.1.0/24, using SSH. However, I didn't get the DMZ and server part.
If this is the case, try this:
static (outside,inside) 10.1.1.10 144.xxx.xxx.xxx netmask 255.255.255.255
You do not need an ACL applied to the inside interface to allow SSH traffic to it because, by default, traffic is allowed from a higher-security interface to a lower-security interface.
However, I wonder why you want to apply this scenario. Why wouldn't you simply connect the router's mgmt interface to a dedicated management subnet?
Regards,
AM
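The NAT rule from the reply above, rewritten as an added example that is not part of the original thread: the same translation in ASA 8.3-or-later object syntax, with SSH to the router limited to one management host and a packet-tracer check. Assumptions: 203.0.113.10 stands in for the redacted 144.xxx address, 10.1.1.50 is a hypothetical management host, the object and ACL names are made up, and no access list is currently bound to the inside interface.

```cisco
! --- Constructed values (not from the thread) ---
! 203.0.113.10  placeholder for the router's redacted 144.xxx public address
! 10.1.1.10     inside-facing alias for the router, as in the reply above
! 10.1.1.50     hypothetical management host allowed to SSH to the router

! 8.3+ equivalent of:
!   static (outside,inside) 10.1.1.10 144.xxx.xxx.xxx netmask 255.255.255.255
object network RTR-PUBLIC
 host 203.0.113.10
 nat (outside,inside) static 10.1.1.10

! From 8.3 on, interface ACLs match the real (untranslated) address,
! so the destination here is the router's public IP, not 10.1.1.10.
access-list INSIDE_IN extended permit tcp host 10.1.1.50 host 203.0.113.10 eq ssh
access-list INSIDE_IN extended deny ip any host 203.0.113.10
! Binding an ACL replaces the implicit higher-to-lower permit, so restate it
! for all other traffic (assumes inside had no ACL before this change).
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside

! --- Verification (exec mode, not configuration) ---
! Allowed: management host to the alias on tcp/22; expect UN-NAT to
! 203.0.113.10 and a final result of "Action: allow".
!   packet-tracer input inside tcp 10.1.1.50 40000 10.1.1.10 22
! Blocked: any other inside host; expect "Action: drop" at the ACL phase.
!   packet-tracer input inside tcp 10.1.1.99 40000 10.1.1.10 22
! Confirm the translation exists and is being hit:
!   show nat detail
!   show xlate
```

On pre-8.3 software, which uses the `static` form shown in the reply, interface ACLs match the translated address instead, so the same restriction would name 10.1.1.10 as the destination.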