Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
2
Replies

Static NAT Internet => LAN

CSCO10889920
Level 1
Level 1

‎09-20-2012 09:12 AM - edited ‎03-11-2019 04:56 PM

Hello Guys,

                    Please, I need to create a static NAT in order to allow a specific host(source)  on internet (ex: 100.100.100.100) to connect a specific internal host (ex: 10.10.10.10) for a video-conference system.  My question is : how could I create a NAT in order to allow that communication? 

*I have a static NAT rule for outbound ( from inside to outside). Today my system can start the communication but cannot receive the request/connection from that host on internet.

My system is an ASA 5520

Thanks in adv,

Marc

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎09-20-2012 11:33 AM

Hello,

You DO need a static translation for that as right now you might be using a Dynamic NAT and that is not biderectional.

Here is what I need from you in order to make this work:

1-What ports are you going to access from the internet?

2-Do you have an available IP address ( Dedicated that you could use to point 10.10.10.10 on the internet)

3-What version are you running on the ASA.

Any other question...Sure.. Just remember to rate all of my answers.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

CSCO10889920
Level 1
Level 1
In response to Julio Carvajal

‎09-21-2012 05:04 AM

Hello Julio,

                 Thanks. Below you find my answers:

"1-What ports are you going to access from the internet?"  Several TCP and UDP ports  (voice setup and video streaming and more)

"2-Do you have an available IP address ( Dedicated that you could use to point 10.10.10.10 on the internet) " Yes

"3-What version are you running on the ASA."   8.2(5)

I would like something like:

Source                         Destination               Translated Source                                        TranslatedDestination  Port/Service

100.100.100.100        90.90.90.1                "as original(100.100.100.100)"                  10.10.10.10                    any

Or:

Source                      Destination               Translated Source                   TranslatedDestination  Port/Service

any                            90.90.90.1                "as original"                                          10.10.10.10                    any

In the last case, for security reasons, the host will be up only when needed.

Thanks

Rdgs

Marc

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card