Solved

Setup incoming one to one NAT

Posted on 2008-10-08
5
213 Views
Last Modified: 2012-05-05
I am dealing with someone that is the administrator of a Cisco Firewall. I need him to setup a 1 -1 NAT so I can use a public IP address to get to a device on his network. He does not know how to do this and I have not touch a Cisco Firewall in years. Can someone tell me what I need to tell him.

0
Comment
Question by:ajdratch
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:stsonline
Comment Utility
The syntax is:

static (interface of real IP, interface of NATd IP) <NAT> <real> netmask <mask of real IP>

So assuming you wanted to NAT an inside IP 192.168.1.100 to an outside NAT of 12.34.56.78, the command would be:

static (inside,outside) 12.34.56.78 192.168.1.100 netmask 255.255.255.255
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
That does look right. However, if that command does not work, you need to use the interface keyword, making it look something like this (where you replace the other IP address with the right address).
static (inside,outside) interface 192.168.1.100 netmask 255.255.255.255  
Also, stsonline forgot one thing - he forgot to setup an access-list to allow incoming connections.
You would need two more lines that look something like this where X is the port you need open.:
access-list outside_access_in permit ip any interface outside eq X
access-group outside_access_in interface outside
If you want more specific commands, get the config from him and post if here and I'll give you what you need to get it working.
Cheers!
0
 

Author Comment

by:ajdratch
Comment Utility
I am looking to NAT a public IP 5.5.5.5 to a private IP 192.168.1.5. I need this for all ports. This is actually inside a large network so 5.5.5.5 is not really on the Internet but it is coming into the outside interface and being redirected to a device on the inside
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
Comment Utility
static (inside,outside) 5.5.5.5 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit ip any host 5.5.5.5
access-group outside_access_in interface outside
Cheers!
0
 

Author Closing Comment

by:ajdratch
Comment Utility
This was what I needed
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now