Solved: ASA- Static NAT'g

sadik.bash · ‎11-25-2013

Hello,

I inherited a number of ASAs from a former engineer and I am trying to understand some of the configs currently on those ASAs. Can someone help translate this Static NAT statement: static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?

Int VLAN1

nameif inside

security-level 100

ip address 10.254.1.253 255.255.255.0

Int VALN3

nameif pub_hosts

security-level 40

ip address 10.253.1.254 255.255.255.0

Much appreciated.

Best, ~sK

Jon Marshall · ‎11-25-2013

static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?

means present the host 10.254.1.200 as the same IP to devices on the pub_hosts subnet. A static like this means that a connection can be initiated from the inside 10.254.1.200 host to devices on the pub_hosts and that a connection can be initiated from a pub_host device to the inside host 10.254.1.200.

In the example above if a pub_hosts device did initiate the connection you would need an acl allowing the traffic due to the pub_hosts interface having a lower security level (40) than the inside interface (100).

Jon

View solution in original post

Jon Marshall · ‎11-25-2013

static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?

means present the host 10.254.1.200 as the same IP to devices on the pub_hosts subnet. A static like this means that a connection can be initiated from the inside 10.254.1.200 host to devices on the pub_hosts and that a connection can be initiated from a pub_host device to the inside host 10.254.1.200.

In the example above if a pub_hosts device did initiate the connection you would need an acl allowing the traffic due to the pub_hosts interface having a lower security level (40) than the inside interface (100).

Jon

sadik.bash · ‎12-09-2013

Thanks, Jon!

That was helpful.

Best, ~sK