cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2620
Views
0
Helpful
4
Replies

HOW TO NAT Connnection on ASA 5505

ThomasMull9000
Level 1
Level 1

Hello Guys

first i thank full all cisco community they helped me alot withouth expert and university studies..

today i have a some issue about NAT

We HAVE SITE to site VPN , its fine working  .  our patern company request to use Public Ip instead of private ip address for encryption domain . and they said to us , you have to NAT for you private ip address to PUblic . really we don't know how to NAT for cisco ASA 5505 .

HERE IS THE CASE

OUR COMPANY = USES CISCO ASA 5505

OUR PUBLIC IP :      155.155.1555.20

PRIVATE IP :           192.168.7.2   ITS LINUX SERVER , SO  HOW WE CAN NAT THIS PRIVATE IP AND CHANGE IT TO PUBLIC

THANKS  A LOT

1 Accepted Solution

Accepted Solutions

If you only have 1 public IP and it is assigned to your ASA outside interface, then you would need to configure static PAT (you would need to know what exactly they want to access and configure the specific port that they need).

However, if you have a spare public IP Address, then you don't need to know exactly what they need to access and you can configure the linux server using the spare public IP.

Also, do they need to access the linux server using public IP via the VPN tunnel (encrypted)? or they are happy to access it just via the internet (clear text)?

View solution in original post

4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

A few questions before proceeding further:

- What version of ASA are you running.

- Is the public IP a spare public IP or it's assigned to the ASA outside interface?

- once you configure the NAT, you would also need to make changes to the crypto ACL, and also on the remote parent company end.

- If you don't mind, sharing the configuration of the ASA will help

Dea Jennifer thank you quick response i always appreciate your support..

let me picture you my network again..

We have Only One public Ip address 155.155.155.20 and it assigned for ASA outside interface ..

the only thing i need for this issue is a our Remote site want to access our lnside network 192.168.7.2 . but the remote office guys don't want to access as private ip address .. they need me to NAT 192.168.7.2 to public ip address .. so how i can NAT my outisde interface or give new NAT for other Public ip address.

If you only have 1 public IP and it is assigned to your ASA outside interface, then you would need to configure static PAT (you would need to know what exactly they want to access and configure the specific port that they need).

However, if you have a spare public IP Address, then you don't need to know exactly what they need to access and you can configure the linux server using the spare public IP.

Also, do they need to access the linux server using public IP via the VPN tunnel (encrypted)? or they are happy to access it just via the internet (clear text)?

Clear idea .. many many thanks .. Always you help us realy i appreicate ur comment