
ASA Pub IP NAT

Yahya Zyar
Level 1

Hello netpros,

I want to NAT a private IP on the DMZ to a specific public IP. We have the subnet, for example, 7.7.7.0/29; 7.7.7.1 is the GW and .2 is assigned to the Outside interface.

I did some research and found out that I need only one static NAT to let the private IP go outside with a specific public IP.

Let's say that we want the host 172.16.1.9 to be reachable from outside with the IP 7.7.7.3.

Example :

object network ServerX
 host 172.16.1.9
 nat (DMZ,OUTSIDE) static 7.7.7.3

 

So only this command will work? I mean, it's just an object; can that take effect in the configuration?

Accepted Solutions

I prefer the way below:

object network public
 host x.x.x.x
!
object network private
 host y.y.y.y
!
nat (in,out) source static private public

You also need an ACL to allow access to the private IP with a specific port.

MHM
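
The two pieces named in the accepted answer (a static NAT plus an ACL), applied to the addresses from the question, as an added example that is not part of the original posts. It assumes ASA 8.3 or later syntax; the ACL name OUTSIDE_IN and TCP port 443 are assumptions, and the test source 203.0.113.10 port 12345 is a constructed value.

```text
! Object NAT: real (private) host and its mapped (public) address
object network ServerX
 host 172.16.1.9
 nat (DMZ,OUTSIDE) static 7.7.7.3
!
! On 8.3+ the interface ACL is evaluated against the real address,
! so the permit names 172.16.1.9, not 7.7.7.3.
! Permit only the port the server must expose (443 is an assumption).
access-list OUTSIDE_IN extended permit tcp any host 172.16.1.9 eq 443
!
! Only one ACL can be bound per interface and direction. If OUTSIDE
! already has an inbound access-group, add the permit line to that
! existing ACL instead of applying OUTSIDE_IN.
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification: confirm the rule, the translation, and the end-to-end path
show nat detail
show xlate
packet-tracer input OUTSIDE tcp 203.0.113.10 12345 7.7.7.3 443
```

In the packet-tracer output, the UN-NAT phase should show 7.7.7.3 translated to 172.16.1.9 and the ACCESS-LIST phase should show the permit; a drop at the ACCESS-LIST phase usually means the ACL references the public address or the wrong port.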


7 Replies

Thank you,

I will try that.

I have another static NAT for this private IP. Can the host be reachable with two different public IP addresses?

Two public IP reachable from same Outside interface 

MHM

No, there is OUTSIDE1 and OUTSIDE2.

OUTSIDE1 has, for example, 7.7.7.1/29.

OUTSIDE2 has 6.6.6.1/32, already NATed from the 172.16.1.9 host.

 

After the configuration, it seems like the internal users cannot reach the public IP; the IP is reachable just from outside. Can you please help?

Hi,

For the first question about two public IPs, I will check it tonight in the lab.

For your new reply, can I see:

show nat

show run nat

MHM

Jonny Bacoz
Level 1

Yes, all that is needed to NAT the private IP 172.16.1.9 on the DMZ to the particular public IP 7.7.7.3 is the one NAT declaration you gave. The command implements a static NAT translation between the outside interface and the DMZ and produces a network object for the server. Make sure the proper entries in the access control list (ACL) are in place to permit the required traffic. The NAT translation that you supplied will be enabled by the setup you mentioned.

 

 

 

 
