11-11-2014 03:29 AM - edited 03-11-2019 10:03 PM
Hello All,
Using the CLI on an ASA 5510 with ver8.3 (old style NAT) how can I tell what public IP Address is presented to an internet web server when my internal natted clients visit a website?
If I do a:
sh run | i nat
I get:
nat-control
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (wifi) 1 0.0.0.0 0.0.0.0
Which is not really what I'm looking for! :)
I normally sort this out by going to www.whatismyipaddress.com but can't be doing this from every site!
Cheers
T
11-11-2014 05:10 AM
There has to be a corresponding "global (outside) 1 ..." command in your config. There you see which IP you use or you see that the ASA is using the IP of the outside interface.
BTW: That's an ASA version <= 8.2, not 8.3. ASAv8.3 was the first release with the new syntax.
11-13-2014 04:18 AM
Hi Karsten,
Many thanks for this. Sorry for late reply... traveling back from the SYD office!
Well spotted on ver! I have these things all over the world and they're all on different versions. As an ASA noob it took me a while to figure out there was quite a major difference between versions and why I was finding it incredibly hard to learn! What worked on one firewall, wouldn't work on another :) I have many splinters in my fingers now from all the head scratching!
So I have:
global (outside) 1 interface
global (outside_dr_isp) 1 interface
Which means it's using the address on the interface, right? And if I wanted to use a different address (that I own of course), can I just change it using:
global (outside) 1 ip_address
global (outside_colt) 1 interface
Or is there more to it than that?
Cheers
T
11-13-2014 04:34 AM
That's exactly how it works. The keyword "interface" is just a placeholder for the actual address of the outgoing interface. You can use a different address instead. For setups where more public addresses are available, I always use a different IP and not the one on the interface.
BTW: All the NAT-stuff is explained in the config-guides (link to 8.2, link to 8.4).
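The pairing described in the answers above (each "nat (real_ifc) id" goes with the "global (mapped_ifc) id ..." of the same id, and "interface" stands for the egress interface's own address), as an added example that is not part of the original thread. The function name, the interface stanzas and their addresses are assumptions constructed for illustration; only the nat/global lines come from the posts.

```python
import re

# Constructed sample: the nat/global lines are the ones quoted in the thread;
# the interface stanzas and their addresses (RFC 5737 ranges) are made up.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.248
interface Ethernet0/1
 nameif outside_dr_isp
 ip address 198.51.100.2 255.255.255.248
nat-control
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (wifi) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (outside_dr_isp) 1 interface
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
IP_RE = re.compile(r"^ip address (\S+) ")

def egress_addresses(config):
    """Return sorted (real_ifc, nat_id, mapped_ifc, mapped_address) tuples."""
    ifc_ip, nats, globals_, nameif = {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface stanza, name not seen yet
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif (m := IP_RE.match(line)) and nameif:
            ifc_ip[nameif] = m.group(1)
        elif m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2))))
        elif m := GLOBAL_RE.match(line):
            globals_.append((m.group(1), int(m.group(2)), m.group(3)))
    rows = set()
    for real_ifc, nat_id in nats:
        # nat id 0 is the exemption rule and never pairs with a global
        matches = [g for g in globals_ if g[1] == nat_id and nat_id != 0]
        if not matches:
            why = "untranslated (nat 0)" if nat_id == 0 else "no matching global"
            rows.add((real_ifc, nat_id, None, why))
        for mapped_ifc, _, addr in matches:
            if addr == "interface":  # placeholder for the egress interface IP
                addr = ifc_ip.get(mapped_ifc, "unknown")
            rows.add((real_ifc, nat_id, mapped_ifc, addr))
    return sorted(rows, key=str)
```

Feed it the saved output of "show running-config" from each site; a row whose address is not the one you expect is the config to review.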
11-13-2014 11:47 AM
Brilliant. Thanks for your help.