cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
368
Views
5
Helpful
4
Replies

Static Nat translation

Shaun McCloud
Beginner
Beginner

There is one config that I can not figure out how to translate it over...

ip nat inside source static 10.4.200.29 27.166.58.194

ip nat inside source static 10.4.200.25 27.166.58.195

How do I do this on the ASA 8.2.5? (came from a 2800 router running ver 12.3(8r))

1 Accepted Solution

Accepted Solutions

johnlloyd_13
Engager
Engager

hi shaun,

assuming you've already defined the inside and outside interfaces on your ASA, could you try:

static (inside,outside) 27.166.58.194 10.4.200.29 netmask 255.255.255.255

static (inside,outside) 27.166.58.195 10.4.200.25 netmask 255.255.255.255

View solution in original post

4 Replies 4

johnlloyd_13
Engager
Engager

hi shaun,

assuming you've already defined the inside and outside interfaces on your ASA, could you try:

static (inside,outside) 27.166.58.194 10.4.200.29 netmask 255.255.255.255

static (inside,outside) 27.166.58.195 10.4.200.25 netmask 255.255.255.255

So it does not seem to do what I am expecting it to do.

I have a web server on each of those addresses, and the outside address is the 27.x.x.x and the ip address on the server is the 10.x.x.x

After adding the config you suggested, I can not access the web servers from the out side, is it possible i need to open an access list the ports as well?

Hello Shaun,

Yeah, You are missing the ACL.

On an ASA when going from a lower security level to a higher there is a requirement of an ACL in order to the traffic to be allowed.

access-list out-in permit tcp any host 27.x.x.x eq 80

acces-group out-in in interface outside

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I agree with Julio. Traffic coming from the Internet with hit ACL first then your NAT rules.

Please help rate useful posts.

Sent from Cisco Technical Support iPhone App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers