Cisco ASA 5505 IP NAT INSIDE command not working....

jroeser114
Level 1

I have a Cisco ASA 5505. I am new to Cisco devices and taking over a preconfigured device. I have a NAT policy that is pointing to the wrong IP address and I need to replace an IP NAT INSIDE SOURCE statement. Every time I run the command, I get an error of “Invalid input detected at ‘n’ marker”. It appears that it doesn’t understand the command: ip nat

I am in enable mode and config # but this doesn’t seem to matter. What am I doing wrong??? I have read a few forums that describe the command that I should be using but for some reason it’s not working.

HELP!!!

GOAL: forward ports 443 and 80 to an internal server address.

This was left from the previous IT guy and the (2) BOLD statements are the ones I am trying to change:

!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.20
ip classless
ip route 0.0.0.0 0.0.0.0 72.xxx.xxx.xxx
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.105 135 interface FastEthernet4 135
ip nat inside source static tcp 192.168.1.105 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.105 80 interface FastEthernet4 80
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!

Any help is VERY appreciated!

Thanks

3 Replies

John Blakley
VIP Alumni

Yeah, ASAs are a little different. What version are you running? "sh ver" There are differences on the way that nat was changed from 8.2 -> 8.3, so knowing the version is important.

Otherwise, for example, if you run a web server inside and need to change the public IP for it, versions 8.2(5) and earlier statically assigned them like:

static (inside,outside) interface 192.168.1.105 netmask 255.255.255.255

On the acl on the outside interface you would have:

access-list OUTSIDE permit tcp any interface outside eq 80

access-group OUTSIDE in interface outside

John

HTH, John *** Please rate all useful posts ***

Running software version 8.2 (2) on Device Manager Version 6.2(5)

I tried the static command but it appears I am screwing that one up too... Sorry. I want it to point to inside 192.168.1.175. How would the verbiage go?
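Added example, not part of the thread: on ASA 8.2, forwarding only TCP 80 and 443 to 192.168.1.175 can be written as static PAT entries, which expose just those two ports instead of mapping the whole outside interface address to the server. It assumes the interfaces are named inside and outside and reuses the ACL name OUTSIDE from the reply above; the `ip nat inside source` lines in the original post are IOS router syntax and are not accepted by an ASA.

```cisco
! ASA 8.2 (pre-8.3 NAT syntax). Assumed names: nameif "inside" and "outside",
! ACL "OUTSIDE". Check what is configured before changing anything:
!   show run static
!   show run access-list
!   show run access-group

! Remove any existing mapping for the old host. The "no" form must match
! the line exactly as "show run static" prints it, for example:
!   no static (inside,outside) interface 192.168.1.105 netmask 255.255.255.255

! Static PAT: only TCP 80 and 443 arriving on the outside interface address
! are translated to the internal server.
static (inside,outside) tcp interface www 192.168.1.175 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.175 https netmask 255.255.255.255

! Inbound ACL on the outside interface. In 8.2 the ACL matches the mapped
! (public) address, so the destination is "interface outside".
access-list OUTSIDE extended permit tcp any interface outside eq www
access-list OUTSIDE extended permit tcp any interface outside eq https
access-group OUTSIDE in interface outside

! Clear translations built from the old mapping, then verify.
clear xlate
show xlate
show access-list OUTSIDE
```

The hit counters in `show access-list OUTSIDE` should increase when the server is reached from outside. Port 135, which the old router configuration also forwarded, is intentionally not included because the stated goal covers only 80 and 443.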
