09-14-2012 08:52 PM - edited 03-11-2019 04:54 PM
I have a unique situation where I have the following inside network being translated to an outside public IP
so nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 207.x.x.3
This works great, however I need one of those inside hosts (192.168.10.27) to be translated to a unique outside ip 207.x.x.4
Can I simply do this ?
Nat (inside) 2 192.168.10.27
global (outside) 2 207.x.x.4
Will the translation table not hit the 1st Nat 1 statement and pass thru on .3, or will it actually trickle down to Nat 2 statement and match on .4
Any help would be appreciated.
Cheers
Dave
09-14-2012 10:47 PM
That is what the static translations are for:
static(inside,outside) 207.x.x.4 192.168.10.27 netmask 255.255.255.255
These have a higher priority then the dynamit translations with nat and global.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-14-2012 10:56 PM
Hi dave,
You can use the static NAT to achieve the requirement which you have specified.
static (inside,outside) 207.x.x.4 192.168.10.27 netmask 255.255.255.255
You can refer the below guide for more information on the static NAT.
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/s.html#wp1026694
By
Karthik
Please do rate if the given information helps.
09-15-2012 01:23 AM
To answer your question, yes, you can configure the more specific NAT statement as you have stated:
Nat (inside) 2 192.168.10.27
global (outside) 2 207.x.x.4
as the more specific NAT statement will take precedence over the generic NAT statement.
Just have to make sure that you "clear xlate" after the new config.
Here is the NAT order of operation and in your case, point number 4 is what you are after:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/cfgnat.html#wp1042696
Hope that helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: