Static NAT Internet => LAN

CSCO10889920 · ‎09-20-2012

Hello Guys,

Please, I need to create a static NAT in order to allow a specific host(source) on internet (ex: 100.100.100.100) to connect a specific internal host (ex: 10.10.10.10) for a video-conference system. My question is : how could I create a NAT in order to allow that communication?

*I have a static NAT rule for outbound ( from inside to outside). Today my system can start the communication but cannot receive the request/connection from that host on internet.

My system is an ASA 5520

Thanks in adv,

Marc

Julio Carvajal · ‎09-20-2012

Hello,

You DO need a static translation for that as right now you might be using a Dynamic NAT and that is not biderectional.

Here is what I need from you in order to make this work:

1-What ports are you going to access from the internet?

2-Do you have an available IP address ( Dedicated that you could use to point 10.10.10.10 on the internet)

3-What version are you running on the ASA.

Any other question...Sure.. Just remember to rate all of my answers.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

CSCO10889920 · ‎09-21-2012

Hello Julio,

Thanks. Below you find my answers:

"1-What ports are you going to access from the internet?" Several TCP and UDP ports (voice setup and video streaming and more)

"2-Do you have an available IP address ( Dedicated that you could use to point 10.10.10.10 on the internet) " Yes

"3-What version are you running on the ASA." 8.2(5)

I would like something like:

Source Destination Translated Source TranslatedDestination Port/Service

100.100.100.100 90.90.90.1 "as original(100.100.100.100)" 10.10.10.10 any

Or:

Source Destination Translated Source TranslatedDestination Port/Service

any 90.90.90.1 "as original" 10.10.10.10 any

In the last case, for security reasons, the host will be up only when needed.

Thanks

Rdgs

Marc