Outside Static Nat - Page 2

jack samuel · ‎10-25-2011

Hi

i have thought many times about outside Nat but i m confused when will be such situation that we will require outside NAT.Can anybody give me best example of real Network, and explain me the traffic flow i have read in book but still it is not clear.
In FWSM interface with higher security level when access to lower security level we only need access-list, NAT is not reqiured, Is it i m on the correct path???? or this is misunderstood.

Thanks

Jon Marshall · ‎10-29-2011

Yes, it's a typo, it should be 10.228.56.10.

Sorry for any confusion.

Jon

Jon Marshall · ‎10-29-2011

Jack

I know that i can reach through static (inside,outside) but i want to use static ( outside,inside) . On which scenario outside inside is possible, if PC-B want to reach PC-A

You use the static that is applicable. If you want PCB on the outside to be able to access PCA on the inside then you use a static (inside,outside) command. If you want to use a static (outside,inside) then you are not using the right command.

And they do different things. I gave you an example of when the (outside,inside) would be used but that doesn't really apply to your scenario. Your original question asked when it would be applicable to use a static (outside,inside) and in the scenario from your .jpg you wouldn't use it.

A scenario where you would use a static (outside,inside) would be -

PCA = 10.10.10.1

PCB = 172.16.10.1

you want PCA to be able to connect to PCB but using the IP address 10.10.10.10

static (outside,inside) 10.10.10.10 172.16.10.1 netmask 255.255.255.255

Jon

jack samuel · ‎10-29-2011

Jon,

U are the expert i have seen many replied post of yours,My concept is still not clear,pls do not leave the post in between and be patients with me.

what is the difference in my previous mail Diagram -2 and the example i gave for vlan 2 and vlan 3?????? yourself and mike told me that what i m thinking is correct for vlan translation that same concept i m applying on Diagram -2 of previous mail then why i m wrong.i m thinking vlan 3 as outside and vlan 2 as inside. Is it my previous mail Diagram-2 applicable for static (outside,inside).

In ur previous mail u gave me the below example

PCA = 10.10.10.1

PCB = 172.16.10.1

you want PCA to be able to connect to PCB but using the IP address 10.10.10.10

static (outside,inside) 10.10.10.10 172.16.10.1 netmask 255.255.255.255

I hope the diagram assumptions are same as below, if not please correct ,and explain me the traffic flow.and how the translation will happen.

PC-A IP Address: 10.10.10.1

Inside Virtual IP Address:10.10.10.10

outside PC-B real IP Address: 172.16.10.1

PCA connected to internal network and not directly to ASA

PCA---Core Sw----Inside (PIX) outside-------PC-B

I appreciate you for replying my mails and trying to make me understand.

Thanks