07-30-2010 07:38 AM - edited 03-08-2019 06:34 PM
The video below provides a basic command line configuration example of Network Address Translation (NAT) on the CIsco ASA Version 8.3. See below for links to more information about NAT Configuration on version 8.3
ASA 8.3 Command Line Configuration Guide; Configuring NAT:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html
ASA Pre-8.3 to 8.3 NAT configuration examples:
Thanks, its been a while since i did ASAs great help. One thing though last time I checked 10.1.0.0/16 etc would still be a class A address
Yeah, I should have said "slash-16"
The video is well presented and provides a fairly good summary. I'd like to see the nat command explained in a little more detail. Of course I really wish they hadn't gone this route with the nat configuration.
This was a big help to me. I was told to upgrade this 5505 before I deployed it today so I was not familiar with these new changes, I saw there were notes and instructions but I needed to understand it quickly. This was very straight forward and I was able to figure it out from here without spending too much time reading. Now when I go back and read I'll have a better understanding of the changes.
Sometimes I feel like I have to read this stuff over and over before I comprehend it, I didn't have to do that this time!
Thanks, I'm very glad the video helped!
Great video Jay! Thanks
//JimiSweden
Excellent video. Real help with setting up NAT statements in 8.4. Picture is worth a thousand words and this video is worth a million. Thanks!
Hello Jay,
Thank you for the great video!
I have a quick question that I would like to ask you!
With the [real-ip] feature, does it mean that the packet processing steps changed, that is, NAT is performed before Access-list?
Scenario to clarify, if we have Inside users going to the internet, and we have an Inside interface IN access-list, should we allow REAL ip addresses here or NATed IPs?
Thanks!
Ahmad
All ACLs (applied in any direction on any interface) should refer to the local (or real) ip addresses of the hosts in question.
So, for your ACL applied to the inside interface, the lines should permit or deny traffic from the real ip addresses of the hosts on the inside network, and not the translated addresses for those hosts.
http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp40036
Thank u Jay
Hi jay,
Nice to hear new things from you
Thanks
Roopesh M N
Video is not working, please someone send me the video link.
For some reason the video is not loading in Chrome, but does work in Firefox. Can you try Firefox?
Thanks Jay!!!
Excellent video, thank you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: