10-28-2012 02:20 AM
Hello Guys
first i thank full all cisco community they helped me alot withouth expert and university studies..
today i have a some issue about NAT
We HAVE SITE to site VPN , its fine working . our patern company request to use Public Ip instead of private ip address for encryption domain . and they said to us , you have to NAT for you private ip address to PUblic . really we don't know how to NAT for cisco ASA 5505 .
HERE IS THE CASE
OUR COMPANY = USES CISCO ASA 5505
OUR PUBLIC IP : 155.155.1555.20
PRIVATE IP : 192.168.7.2 ITS LINUX SERVER , SO HOW WE CAN NAT THIS PRIVATE IP AND CHANGE IT TO PUBLIC
THANKS A LOT
Solved! Go to Solution.
10-31-2012 01:52 PM
If you only have 1 public IP and it is assigned to your ASA outside interface, then you would need to configure static PAT (you would need to know what exactly they want to access and configure the specific port that they need).
However, if you have a spare public IP Address, then you don't need to know exactly what they need to access and you can configure the linux server using the spare public IP.
Also, do they need to access the linux server using public IP via the VPN tunnel (encrypted)? or they are happy to access it just via the internet (clear text)?
10-28-2012 02:51 AM
A few questions before proceeding further:
- What version of ASA are you running.
- Is the public IP a spare public IP or it's assigned to the ASA outside interface?
- once you configure the NAT, you would also need to make changes to the crypto ACL, and also on the remote parent company end.
- If you don't mind, sharing the configuration of the ASA will help
10-31-2012 07:32 AM
Dea Jennifer thank you quick response i always appreciate your support..
let me picture you my network again..
We have Only One public Ip address 155.155.155.20 and it assigned for ASA outside interface ..
the only thing i need for this issue is a our Remote site want to access our lnside network 192.168.7.2 . but the remote office guys don't want to access as private ip address .. they need me to NAT 192.168.7.2 to public ip address .. so how i can NAT my outisde interface or give new NAT for other Public ip address.
10-31-2012 01:52 PM
If you only have 1 public IP and it is assigned to your ASA outside interface, then you would need to configure static PAT (you would need to know what exactly they want to access and configure the specific port that they need).
However, if you have a spare public IP Address, then you don't need to know exactly what they need to access and you can configure the linux server using the spare public IP.
Also, do they need to access the linux server using public IP via the VPN tunnel (encrypted)? or they are happy to access it just via the internet (clear text)?
11-04-2012 11:02 PM
Clear idea .. many many thanks .. Always you help us realy i appreicate ur comment
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide