cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
490
Views
0
Helpful
1
Replies

NAT Configuration on ASA 9.1(3)

I installed an ASA 5585 firewall for one of our customer. I am trying to map inside antivirus IP 10.10.10.2 to the outside interface IP 192.168.10.4

 

Here is the NAT configuration. Please assist whether this configuration will work, post I need to implement the same.

 

interface GigabitEthernet0/4
 nameif MD_MSCO
 security-level 0
 ip address 192.168.10.4 255.255.255.128 standby 192.168.10.5

interface Port-channel20.30
 nameif Non-App
 security-level 100
 ip address 10.124.27.164 255.255.255.248 standby 10.124.27.165

 ciscoasa(config)# object network my-inside-net
ciscoasa(config-network-object)# host 10.10.10.2
ciscoasa(config-network-object)# nat (Non-App,MD_MSCO) dynamic interface

1 Accepted Solution

Accepted Solutions

jj27
Spotlight
Spotlight

Looks good as long as you only need dynamic NAT sourced from the AV server.  If you need any sort of access from the outside in to the AV server then you would need to use static NAT.  I'm sure it is there, but make sure you have a route for 10.10.10.2 or the network it lives on back through the Non-App interface.

View solution in original post

1 Reply 1

jj27
Spotlight
Spotlight

Looks good as long as you only need dynamic NAT sourced from the AV server.  If you need any sort of access from the outside in to the AV server then you would need to use static NAT.  I'm sure it is there, but make sure you have a route for 10.10.10.2 or the network it lives on back through the Non-App interface.

Review Cisco Networking for a $25 gift card