Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
4
Replies

ASA v8.3 How to tell public address presented to Internet???

Go to solution
tomd54321
Level 1
Level 1

‎11-11-2014 03:29 AM - edited ‎03-11-2019 10:03 PM

Hello All,

Using the CLI on an ASA 5510 with ver8.3 (old style NAT) how can I tell what public IP Address is presented to an internet web server when my internal natted clients visit a website?

If I do a:

sh run  | i nat

I get:

nat-control
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (wifi) 1 0.0.0.0 0.0.0.0

Which is not really what I'm looking for! :)

I normally sort this out by going to www.whatismyipaddress.com but can't be doing this from every site!

Cheers

T

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎11-11-2014 05:10 AM

There has to be a corresponding "global (outside) 1 ..." command in your config. There you see which IP you use or you see that the ASA is using the IP of the outside interface.

BTW: That's an ASA version <= 8.2, not 8.3. ASAv8.3 was the first release with the new syntax.

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to tomd54321

‎11-13-2014 04:34 AM

That's exactly how it works. The keyword "interface" is just a placeholder for the actual address of the outgoing interface. You can use a different address instead. For setups where more public addresses are available, I always use a different IP and not the one on the interface.

BTW: All the NAT-stuff is explained in the config-guides (link to 8.2, link to 8.4).

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Karsten Iwen
VIP
VIP

‎11-11-2014 05:10 AM

There has to be a corresponding "global (outside) 1 ..." command in your config. There you see which IP you use or you see that the ASA is using the IP of the outside interface.

BTW: That's an ASA version <= 8.2, not 8.3. ASAv8.3 was the first release with the new syntax.

0 Helpful

Go to solution
tomd54321
Level 1
Level 1
In response to Karsten Iwen

‎11-13-2014 04:18 AM

Hi Karsten,

Many thanks for this. Sorry for late reply... traveling back from the SYD office!

Well spotted on ver! I have these things all over the world and they're all on different versions.  As an ASA noob it took me a while to figure out there was quite a major difference between versions and why I was finding it incredibly hard to learn! What worked on one firewall, wouldn't work on another :) I have many splinters in my fingers now from all the head scratching!

So I have:

global (outside) 1 interface
global (outside_dr_isp) 1 interface

Which means it's using the address on the interface, right? And if I wanted to use a different address (that I own of course), can I just change it using:

global (outside) 1 ip_address
global (outside_colt) 1 interface

Or is there more to it than that?

Cheers

T

 

 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to tomd54321

‎11-13-2014 04:34 AM

That's exactly how it works. The keyword "interface" is just a placeholder for the actual address of the outgoing interface. You can use a different address instead. For setups where more public addresses are available, I always use a different IP and not the one on the interface.

BTW: All the NAT-stuff is explained in the config-guides (link to 8.2, link to 8.4).

0 Helpful

Go to solution
tomd54321
Level 1
Level 1
In response to Karsten Iwen

‎11-13-2014 11:47 AM

Brilliant. Thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card