cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
98135
Views
45
Helpful
23
Comments
Jay Johnston
Cisco Employee
Cisco Employee

The video below provides a basic command line configuration example  of Network Address Translation (NAT) on the CIsco ASA Version 8.3. See  below for links to more information about NAT Configuration on version  8.3

ASA 8.3 Command Line Configuration Guide; Configuring NAT:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html

ASA Pre-8.3 to 8.3 NAT configuration examples:

https://supportforums.cisco.com/docs/DOC-9129

Comments
gthermaenius
Level 1
Level 1

Thanks, its been a while since i did ASAs great help. One thing though last time I checked 10.1.0.0/16 etc would still be a class A address

Jay Johnston
Cisco Employee
Cisco Employee

Yeah, I should have said "slash-16"

MARTIN CHONG
Level 1
Level 1

The video is well presented and provides a fairly good summary. I'd like to see the nat command explained in a little more detail. Of course I really wish they hadn't gone this route with the nat configuration.

epatrickwhite
Level 1
Level 1

This was a big help to me.  I was told to upgrade this 5505 before I deployed it today so I was not familiar with these new changes, I saw there were notes and instructions but I needed to understand it quickly.  This was very straight forward and I was able to figure it out from here without spending too much time reading.  Now when I go back and read I'll have a better understanding of the changes.


Sometimes I feel like I have to read this stuff over and over before I comprehend it, I didn't have to do that this time!

Jay Johnston
Cisco Employee
Cisco Employee

Thanks, I'm very glad the video helped!

jimi.friis
Level 1
Level 1

Great video Jay! Thanks

//JimiSweden

richdepas
Level 1
Level 1

Excellent video. Real help with setting up NAT statements in 8.4. Picture is worth a thousand words and this video is worth a million. Thanks!

a.matahen
Level 1
Level 1

Hello Jay,

Thank you for the great video!

I have a quick question that I would like to ask you!

With the [real-ip] feature, does it mean that the packet processing steps changed, that is, NAT is performed before Access-list?

Scenario to clarify, if we have Inside users going to the internet, and we have an Inside interface IN access-list, should we allow REAL ip addresses here or NATed IPs?

Thanks!

Ahmad

Jay Johnston
Cisco Employee
Cisco Employee

All ACLs (applied in any direction on any interface) should refer to the local (or real) ip addresses of the hosts in question.

So, for your ACL applied to the inside interface, the lines should permit or deny traffic from the real ip addresses of the hosts on the inside network, and not the translated addresses for those hosts.

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp40036

https://supportforums.cisco.com/docs/DOC-12690#ACL_Changes

a.matahen
Level 1
Level 1

Thank u Jay

roopesh.n
Level 1
Level 1

Hi jay,

Nice to hear new things from you

Thanks

Roopesh M N

deararajesh
Community Member

Video is not working, please someone send me the video link.

Jay Johnston
Cisco Employee
Cisco Employee

For some reason the video is not loading in Chrome, but does work in Firefox. Can you try Firefox?

hugginsbc
Level 1
Level 1

Thanks Jay!!!

HBernard
Level 1
Level 1

Excellent video, thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: