11-22-2012 01:26 PM - edited 03-11-2019 05:26 PM
Hello,
Do you know how to create a static NAT from outside to inside, using services? This is a 5545-X firewall.
Thanks
11-22-2012 04:46 PM
Hello Eduardo,
Do you want to translate an inside user to an outside IP using services, or do you want to translate a specific outside user on a specific port to an inside IP on a specific service?
Hope I was clear
11-25-2012 07:30 PM
Hi JCarvaja,
Thanks for your response. Actually, I would like to translate an outside public IP to a specific inside IP address, using an X port.
It was very easy on the previous IOS 8.2, but currently I'm working with IOS 8.6.
Please help me
Thank you
11-25-2012 10:15 PM
Hi,
Can you paste your NAT configuration? I understand that you want to translate - private ip to public ip (static nat).
For example your private ip is - 10.10.10.10 and public ip is: 100.100.100.100
then try this:
static (inside,outside) 100.100.100.100 10.10.10.10 netmask 255.255.255.255
Hope it will help you..!!
Thanks
Siraj
11-25-2012 10:58 PM
Hello Eduardomoi,
There are some basic configurations you need to do.
Here in the example a public IP 117.1.1.1 is natted to private IP 192.168.5.6 with some services.
Natting the public ip with private ip
static (inside,outside) 117.1.1.1 192.168.5.6 netmask 255.255.255.255
You need to understand which ports you need to allow: are they TCP or UDP or both?
Here in the below example both TCP and UDP are allowed.
Create an object group for TCP and UDP
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
Allow the service as per the requirement with the help of access lists, and note that the source can be any; you can modify it as per your requirement.
In the below example port ranges in between 12000 and 29999 are allowed
access-list acl_out extended permit object-group TCPUDP any host 117.1.1.1 range 12000 29999
port ranges in between 8000 and 9000 are allowed
access-list acl_out extended permit object-group TCPUDP any host 117.1.1.1 range 8000 9000
port for specific service called sip is allowed
access-list acl_out extended permit udp any host 117.1.1.1 eq sip
port for specific service called sip with port number 5060 is allowed
access-list acl_out extended permit udp any host 117.1.1.1 eq 5060
Please don't forget to rate the helpful posts, and if you feel the answer is correct, please mark the query as answered.
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
11-26-2012 03:06 AM
I would like to add that, since it is a 5545-X, which works on 8.6 and 9.x IOS, the NAT commands are different on it. Below is what can help you:
! external ip
object network 10.0.0.10
 host 10.0.0.10
! internal ip
object network 192.168.25.10
 host 192.168.25.10
nat (outside,inside) source static 10.0.0.10 10.0.0.10 destination static 192.168.25.10 192.168.25.10
11-26-2012 06:10 AM
Hi Riyasat Ali,
Thank you for your prompt response. Actually, my config is like the following, but the static NAT from outside to inside is currently not working:
nat (inside,provider1) source dynamic INSIDEGROUP interface
nat (inside,provider2) source dynamic INSIDEGROUP interface
nat (provider1,inside) source static 10.0.0.10 10.0.0.10 destination static 192.168.25.10 192.168.25.10
I ran the sh nat command but there are no hits for it
11-26-2012 06:19 AM
Do you see any hit count on the outside access-list for this traffic (you need an access-list since the traffic is initiated from the outside zone)? If not, then provide me the access list you have, the source IP from where you are initiating the traffic, the destination IP and the translated IP.
Also try to change the sequence of this NAT as follows:
nat (provider1,inside) 1 source static 10.0.0.10 10.0.0.10 destination static 192.168.25.10 192.168.25.10
11-26-2012 09:08 AM
Thanks, the ACL is:
access-list OUTSIDE extended permit ip any host 10.0.0.10
11-26-2012 11:07 PM
Hi
I changed the sequence and it is not working
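Added example, not part of any post in this thread: on ASA software 8.3 and later, a static port translation is normally written as object NAT under the object for the real (inside) host, and the interface ACL matches the real address and port rather than the mapped ones. The addresses and the interface and ACL names are taken from the thread; TCP port 8080 (standing in for the "X" port), the object name and the 203.0.113.5 test source are assumptions.

```cisco
! Constructed example for ASA 8.3+.
! Assumptions: TCP port 8080, object name SRV-192.168.25.10, test source 203.0.113.5.
!
! Real (inside) host 192.168.25.10, published on provider1 as 10.0.0.10.
object network SRV-192.168.25.10
 host 192.168.25.10
 nat (inside,provider1) static 10.0.0.10 service tcp 8080 8080
!
! From 8.3 on, the interface ACL matches the real (inside) address and port,
! not the mapped address. Permit only the published service, not "ip any".
access-list OUTSIDE extended permit tcp any host 192.168.25.10 eq 8080
access-group OUTSIDE in interface provider1
!
! Verification (exec mode): translate hits, active xlates, ACL hit counts,
! and a simulated inbound packet to the mapped address.
show nat detail
show xlate
show access-list OUTSIDE
packet-tracer input provider1 tcp 203.0.113.5 12345 10.0.0.10 8080
```

Manual (twice) NAT rules such as the two dynamic rules quoted in the thread are evaluated before object NAT, so the `show nat detail` output is the place to confirm which rule an inbound connection actually matches.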