Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
5
Helpful
4
Replies

Static Nat translation

Go to solution
Shaun McCloud
Level 1
Level 1

‎10-08-2013 08:11 PM - edited ‎03-11-2019 07:48 PM

There is one config that I can not figure out how to translate it over...

ip nat inside source static 10.4.200.29 27.166.58.194

ip nat inside source static 10.4.200.25 27.166.58.195

How do I do this on the ASA 8.2.5? (came from a 2800 router running ver 12.3(8r))

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnlloyd_13
Level 9
Level 9

‎10-08-2013 08:37 PM

hi shaun,

assuming you've already defined the inside and outside interfaces on your ASA, could you try:

static (inside,outside) 27.166.58.194 10.4.200.29 netmask 255.255.255.255

static (inside,outside) 27.166.58.195 10.4.200.25 netmask 255.255.255.255

View solution in original post

0 Helpful
4 Replies 4

Go to solution
johnlloyd_13
Level 9
Level 9

‎10-08-2013 08:37 PM

hi shaun,

assuming you've already defined the inside and outside interfaces on your ASA, could you try:

static (inside,outside) 27.166.58.194 10.4.200.29 netmask 255.255.255.255

static (inside,outside) 27.166.58.195 10.4.200.25 netmask 255.255.255.255

0 Helpful

Go to solution
Shaun McCloud
Level 1
Level 1
In response to johnlloyd_13

‎10-08-2013 09:06 PM

So it does not seem to do what I am expecting it to do.

I have a web server on each of those addresses, and the outside address is the 27.x.x.x and the ip address on the server is the 10.x.x.x

After adding the config you suggested, I can not access the web servers from the out side, is it possible i need to open an access list the ports as well?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Shaun McCloud

‎10-08-2013 09:33 PM

Hello Shaun,

Yeah, You are missing the ACL.

On an ASA when going from a lower security level to a higher there is a requirement of an ACL in order to the traffic to be allowed.

access-list out-in permit tcp any host 27.x.x.x eq 80

acces-group out-in in interface outside

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Julio Carvajal

‎10-09-2013 05:07 AM

I agree with Julio. Traffic coming from the Internet with hit ACL first then your NAT rules.

Please help rate useful posts.

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card