Solved

cisco ASA 5505

Posted on 2007-11-14
2
709 Views
Last Modified: 2012-10-21
How to configure cisco ASA 5505 NAT between two hosts/machines?
0
Comment
Question by:nsamri
2 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 125 total points
Comment Utility
Assuming the following values:

inside native IP address - 192.168.1.20
outside translated IP address - 1.1.1.1

Here is the command to translate the inside host at 192.168.1.20 to 1.1.1.1 when sending traffic to any host on the outside interface:

static (inside,outside) 1.1.1.1 192.168.1.20 netmask 255.255.255.255

If you want to translate that same inside host for traffic going to a host in a dmz network and you want to use it's own native IP address (192.168.1.20) for the translation, then you can use:

static (inside,dmz) 192.168.1.20 192.168.1.20 netmask 255.255.255.255

In this fashion, any machine on the dmz subnet will see the inside host as it's native IP address.
0
 
LVL 32

Assisted Solution

by:harbor235
harbor235 earned 125 total points
Comment Utility

You must be running 7.x or 8.x code on this ASA so make sure the following is also in place.

make sure you have the command "nat-control" in your config, otherwise the above config
commands will not work. Nat-control is disabled by default. Also, if you want NAT overload on the outside interface the above config will need some additional commands.

for instance;

nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

Also, do not forget to add appropriate access-lists if outside initiated traffic is allowed in.

Here is a good doc:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042823

HARBOR235 ;}

harbor235 ;}



0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now