Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Setup incoming one to one NAT

Posted on 2008-10-08
5
Medium Priority
?
223 Views
Last Modified: 2012-05-05
I am dealing with someone that is the administrator of a Cisco Firewall. I need him to setup a 1 -1 NAT so I can use a public IP address to get to a device on his network. He does not know how to do this and I have not touch a Cisco Firewall in years. Can someone tell me what I need to tell him.

0
Comment
Question by:ajdratch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:stsonline
ID: 22671926
The syntax is:

static (interface of real IP, interface of NATd IP) <NAT> <real> netmask <mask of real IP>

So assuming you wanted to NAT an inside IP 192.168.1.100 to an outside NAT of 12.34.56.78, the command would be:

static (inside,outside) 12.34.56.78 192.168.1.100 netmask 255.255.255.255
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22672158
That does look right. However, if that command does not work, you need to use the interface keyword, making it look something like this (where you replace the other IP address with the right address).
static (inside,outside) interface 192.168.1.100 netmask 255.255.255.255  
Also, stsonline forgot one thing - he forgot to setup an access-list to allow incoming connections.
You would need two more lines that look something like this where X is the port you need open.:
access-list outside_access_in permit ip any interface outside eq X
access-group outside_access_in interface outside
If you want more specific commands, get the config from him and post if here and I'll give you what you need to get it working.
Cheers!
0
 

Author Comment

by:ajdratch
ID: 22672464
I am looking to NAT a public IP 5.5.5.5 to a private IP 192.168.1.5. I need this for all ports. This is actually inside a large network so 5.5.5.5 is not really on the Internet but it is coming into the outside interface and being redirected to a device on the inside
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 2000 total points
ID: 22672531
static (inside,outside) 5.5.5.5 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit ip any host 5.5.5.5
access-group outside_access_in interface outside
Cheers!
0
 

Author Closing Comment

by:ajdratch
ID: 31504342
This was what I needed
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question