03-07-2012 02:02 PM - edited 03-07-2019 05:25 AM
I have an Cisco ASA 5505. I am new to cisco devices and taking over a preconfigure device. I have a NAT policy that is pointing to the wrong IP address and I need to replace a IP NAT INSIDE SOURCE statement. Every time I run the command, I get an error of “Invalid input detected at ‘n’ marker”. It appears that it doesn’t understand the command: ip nat
I am in enable mode and config # but this doesn’t seem to matter. What am I doing wrong??? I have read a few forums that describe the command that I should be using but for some reason it’s not working.
HELP!!!
GOAL: forward ports 443 and 80 to an internal server address.
This was left from the previous IT guy and the (2) BOLD statements are the ones I am trying to change:
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.20
ip classless
ip route 0.0.0.0 0.0.0.0 72.xxx.xxx.xxx
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.105 135 interface FastEthernet4 135
ip nat inside source static tcp 192.168.1.105 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.105 80 interface FastEthernet4 80
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
Any help is VERY appreciated!
Thanks
03-07-2012 02:08 PM
Yeah, ASAs are a little different. What version are you running? "sh ver" There are differences on the way that nat was changed from 8.2 -> 8.3, so knowing the version is important.
Otherwise, for example, if you run a web server inside and need to change the public IP for it, versions 8.2(5) and earlier statically assigned them like:
static (inside,outside) interface 192.168.1.105 netmask 255.255.255.255
On the acl on the outside interface you would have:
access-list OUTSIDE permit tcp any interface eq 80
access-group OUTSIDE in interface outside
John
03-07-2012 02:53 PM
Running software version 8.2 (2) on Device Manager Version 6.2(5)
03-07-2012 03:02 PM
I tried the static command but it appears I am screwing that one up too..... Sorry. I want it to point to inside 192.168.1.175 How would the verbage go?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide