03-06-2011 11:48 PM - edited 03-11-2019 01:01 PM
Hi Friend,
I need to translate one host IP into another network IP to access the host.
For example:
I have host A in X network and need to access the A host in Z network through ASA 5510 Ver 8.3 firewall.
I have done the Static Nat configuration, but it's not working.
Check the configuration below:
object network X-network-host
host 192.168.10.14
nat (inside,dmz-1) static 192.168.50.30
access-list 101 extended permit tcp host 192.168.10.14 host 192.168.50.30 eq ssh
access-group 101 in interface inside
I need to allow remote desktop on the same, but ssh also is not working on the above scenario.
Please check and revert back.
Thanks in advance.
03-06-2011 11:57 PM
Hi,
Assuming that the A host is on the Inside (X network), it seems that the configuration is not that bad. It needs some modifications, though:
object network X-network-host
host 192.168.10.14
nat (inside,dmz-1) static 192.168.50.30
That statement is saying that you are going to access the host 192.168.10.14 from the DMZ-1 using the IP address 192.168.50.30; in other words, you are translating the IP address .14 into .30.
The only thing that you may need is to put an access list on the dmz-1, the ACL would be like this.
access-list 101 permit tcp any host 192.168.10.14
access-list 101 permit ip any any
access-group 101 in interface dmz-1
That way, any host on the DMZ should be able to access the host 192.168.10.14 with the IP 192.168.50.30.
Mike
03-07-2011 10:35 PM
Hi Maykol Rojas,
Sorry for the delay,
I have tried the above method, but it's not accessing ssh or remote desktop.
object network DC-Server
host 192.168.10.14
nat (inside,dmz-1) static 192.168.50.30
access-list 101 permit tcp any host 192.168.10.14
access-list 101 permit tcp any host 192.168.10.14 eq ssh
access-list 101 permit ip any any
access-group 101 in interface dmz-1
192.168.50.30 is a free IP; I am trying to translate 192.168.10.14 to 192.168.50.30.
Please help me.
03-08-2011 08:10 AM
Hi,
Try this config, where any host in the DMZ-1 network (192.168.50.0) can access the SSH service on the inside host 192.168.10.14,
i.e.
ssh 192.168.10.14 from any 192.168.50.x
object network DC-Server
host 192.168.10.14
object network DMZ-1-NETWORK
subnet 192.168.50.0 255.255.255.0
nat (inside,dmz-1) 2 source static DC-Server DC-Server destination static DMZ-1-NETWORK DMZ-1-NETWORK
access-list inside_access_in line 1 extended permit ip host 192.168.10.14 192.168.50.0 255.255.255.0
access-group inside_access_in in interface inside
access-list dmz-1_access_in line 1 extended permit tcp 192.168.50.0 255.255.255.0 host 192.168.10.14 eq ssh
access-group dmz-1_access_in in interface dmz-1
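The following is an added example, not code from any poster in this thread: a small Python model of how the dmz-1 ACLs posted above are evaluated, showing which ACE each connection hits. It assumes ASA 8.3+ behaviour, where an interface ACL is matched against the real (un-translated) destination address, first match wins, and an implicit deny ends every ACL. The source host 192.168.50.5, the 192.168.10.99 destination, the MAPPED_ACL line and all function names are constructed for illustration.

```python
import ipaddress

# Static NAT from the thread: mapped address seen from dmz-1 -> real inside host.
STATIC_NAT = {"192.168.50.30": "192.168.10.14"}
PORTS = {"ssh": 22}  # named port used in the thread

# ACE bodies taken from the posts above (ACL name and 'extended' keyword dropped).
REPLY_ACL = ["permit tcp any host 192.168.10.14", "permit ip any any"]
LAST_ACL = ["permit tcp 192.168.50.0 255.255.255.0 host 192.168.10.14 eq ssh"]
# Constructed: an ACE written against the mapped address instead of the real one.
MAPPED_ACL = ["permit tcp any host 192.168.50.30 eq ssh"]

def parse_addr(tok):
    """Consume 'any' | 'host A' | 'NET MASK' from the token list; return a network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_ace(line):
    """Parse 'permit|deny PROTO SRC DST [eq PORT]', the subset used in the thread."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = None
    if tok and tok[0] == "eq":
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def evaluate(acl, src, dst, proto, dport):
    """Un-translate the destination, then return (action, index of the matching ACE)."""
    real_dst = ipaddress.ip_address(STATIC_NAT.get(dst, dst))
    src_ip = ipaddress.ip_address(src)
    for i, line in enumerate(acl):
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and src_ip in a_src and real_dst in a_dst
                and (a_port is None or a_port == dport)):
            return action, i
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for name, acl in (("reply", REPLY_ACL), ("last", LAST_ACL), ("mapped", MAPPED_ACL)):
        print(name, evaluate(acl, "192.168.50.5", "192.168.50.30", "tcp", 22))
```

In this model the `permit ip any any` line in the first reply's ACL also admits traffic to every other inside address, while the ACL in the last post permits only SSH from the DMZ-1 subnet, so remote desktop (TCP 3389) would need its own ACE.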