cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
0
Helpful
1
Replies

NAT (outside,inside) question

Vlad Olteanu
Level 1
Level 1

Hi All,

I have to NAT my internet router (191.120.250.61) to an internal IP (10.102.40.5) on my Cisco ASA 5510 (8.4(7)), I have to monitor the router with an internal application.

 

I made the following configuration, but it doesn't work...

 

object network Internet_router

    host 191.120.250.61

object network Internet_router

  nat (outside,inside) static 10.102.40.5

 

access-list from_outside extended permit ip host 191.120.250.61 any
access-list from_inside extended permit ip any host 191.120.250.61

 

same-security-traffic permit intra-interface

 

Router------------------------[ASA]--------------------------Server (monitor) 

191.120.250.61                                                         10.102.40.100

 

What did I wrong?

 

Thank you

 

 

 

 

1 Reply 1

Collin Clark
VIP Alumni
VIP Alumni

Create the object for your inside host

object network 10.102.40.5
 host 10.102.40.5

Then NAT your external IP to it

nat (inside,outside) static interface

Your ACL should permit access to the real IP not the mapped IP.

access-list from_outside extended permit ip any host 10.102.40.100 

Note that if you NAT your routers public IP to an internal IP you will lose all connectivity to the routers outside IP. It would be better to NAT just the ports you need.

object network 10.102.40.100
 nat (inside,outside) static interface service udp 161 161

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: