Solved

Setup incoming one to one NAT

Posted on 2008-10-08
5
216 Views
Last Modified: 2012-05-05
I am dealing with someone that is the administrator of a Cisco Firewall. I need him to setup a 1 -1 NAT so I can use a public IP address to get to a device on his network. He does not know how to do this and I have not touch a Cisco Firewall in years. Can someone tell me what I need to tell him.

0
Comment
Question by:ajdratch
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:stsonline
ID: 22671926
The syntax is:

static (interface of real IP, interface of NATd IP) <NAT> <real> netmask <mask of real IP>

So assuming you wanted to NAT an inside IP 192.168.1.100 to an outside NAT of 12.34.56.78, the command would be:

static (inside,outside) 12.34.56.78 192.168.1.100 netmask 255.255.255.255
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22672158
That does look right. However, if that command does not work, you need to use the interface keyword, making it look something like this (where you replace the other IP address with the right address).
static (inside,outside) interface 192.168.1.100 netmask 255.255.255.255  
Also, stsonline forgot one thing - he forgot to setup an access-list to allow incoming connections.
You would need two more lines that look something like this where X is the port you need open.:
access-list outside_access_in permit ip any interface outside eq X
access-group outside_access_in interface outside
If you want more specific commands, get the config from him and post if here and I'll give you what you need to get it working.
Cheers!
0
 

Author Comment

by:ajdratch
ID: 22672464
I am looking to NAT a public IP 5.5.5.5 to a private IP 192.168.1.5. I need this for all ports. This is actually inside a large network so 5.5.5.5 is not really on the Internet but it is coming into the outside interface and being redirected to a device on the inside
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22672531
static (inside,outside) 5.5.5.5 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit ip any host 5.5.5.5
access-group outside_access_in interface outside
Cheers!
0
 

Author Closing Comment

by:ajdratch
ID: 31504342
This was what I needed
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question