NAT question/solution request

aaronkite
Level 1

Hi. I have the following scenario and am not sure how to build a NAT for it. Using OS 8.3(2), ASA 5510, secplus lic.

I have a device on the Outside interface that can ONLY talk to devices on its own broadcast domain, but I have a device on the Inside interface that must be able to talk to this device on the Outside interface. I'm thinking I can set up a NAT for this device on the Inside interface to appear to be on the Outside interface. Networks and hosts below:

interface Ethernet0/0
 ! routed interface connecting to the trusted side networks
 nameif Inside
 security-level 100
 ip address 192.21.250.92 255.255.255.248
!
interface Ethernet0/1
 ! layer 2 network with the "outside" interface being the gateway
 nameif outside
 security-level 50
 ip address 192.14.225.1 255.255.255.128
!

host 192.14.225.121 (device that can only talk on its own broadcast domain - can't set a default gateway on it)

host 192.51.14.38 (device that 192.14.225.121 needs to be able to talk to, that's coming from the Inside interface)

Can I have the 192.51.14.38 appear to be 192.14.225.5, so that 192.14.225.121 can talk to it?  Any other ideas or configurations for a solution would be much appreciated.

Thanks,

Aaron

1 Accepted Solution

Jouni Forss
VIP Alumni

Hi,

Don't you already have some default PAT configuration that does translation for networks behind interface "Inside" to the interface IP address of "outside", which is directly connected as far as host 192.14.225.121 is concerned? Then again, seeing that both of the networks are public, I guess you wouldn't really have need for a PAT configuration between Inside and outside.

If not, I guess one solution might be (object names might be better as something else):

object network MAPPED-192.14.225.5
 host 192.14.225.5
object network MAPPED-192.14.225.5-DEST
 host 192.14.225.121
object network MAPPED-192.14.225.5-SOURCE
 host 192.51.14.38

nat (Inside,outside) source static MAPPED-192.14.225.5-SOURCE MAPPED-192.14.225.5 destination static MAPPED-192.14.225.5-DEST MAPPED-192.14.225.5-DEST

Seems a bit complex but should work I guess.

From left to right

  • Source interface
  • Destination interface
  • Static source address
  • Static mapped address
  • Static destination address twice as no change regarding its translation is done.

So to my understanding this NAT should only apply for the source host 192.51.14.38 when the destination is 192.14.225.121

- Jouni
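
The scoping described in the answer above, as an added example that is not part of the original post and is not ASA code: a small Python model of the rule's address matching in both directions, using the host addresses from the question. The class name, the `OTHER_*` hosts and the flow list are constructed for illustration; ACLs, routing and ARP are not modelled.

```python
"""Toy model of the twice-NAT rule from the answer above (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address as IP


@dataclass(frozen=True)
class TwiceNatRule:
    real_if: str      # interface where the real source lives ("Inside")
    mapped_if: str    # interface where the mapped address appears ("outside")
    real_src: IP
    mapped_src: IP
    dst: IP           # identity-translated destination (same object used twice)

    def apply(self, ingress: str, src: IP, dst: IP) -> tuple[IP, IP]:
        """Return the (src, dst) pair the packet carries after the rule."""
        # Forward: source is rewritten only when BOTH source and destination match.
        if ingress == self.real_if and (src, dst) == (self.real_src, self.dst):
            return self.mapped_src, dst
        # Reverse: the mapped address is untranslated only for the scoped peer.
        if ingress == self.mapped_if and (src, dst) == (self.dst, self.mapped_src):
            return src, self.real_src
        return src, dst  # rule does not match; packet is left unchanged


# Addresses from the thread; OTHER_* hosts are constructed for the demo.
RULE = TwiceNatRule("Inside", "outside",
                    real_src=IP("192.51.14.38"), mapped_src=IP("192.14.225.5"),
                    dst=IP("192.14.225.121"))
OTHER_OUTSIDE = IP("192.14.225.10")
OTHER_INSIDE = IP("192.51.14.39")

FLOWS = [
    ("Inside", RULE.real_src, RULE.dst),          # translated to the mapped source
    ("outside", RULE.dst, RULE.mapped_src),       # reply: untranslated to real host
    ("Inside", RULE.real_src, OTHER_OUTSIDE),     # other destination: unchanged
    ("Inside", OTHER_INSIDE, RULE.dst),           # other source: unchanged
    ("outside", OTHER_OUTSIDE, RULE.mapped_src),  # other peer: not untranslated
]

if __name__ == "__main__":
    for ingress, src, dst in FLOWS:
        out_src, out_dst = RULE.apply(ingress, src, dst)
        print(f"{ingress:8} {src} -> {dst}   =>   {out_src} -> {out_dst}")
```

Only the first two flows are rewritten; the inside host keeps its real address toward any other outside destination.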

2 Replies

Brilliant! Works perfectly, thanks so much!