Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

Setup incoming one to one NAT

I am dealing with someone that is the administrator of a Cisco Firewall. I need him to setup a 1 -1 NAT so I can use a public IP address to get to a device on his network. He does not know how to do this and I have not touch a Cisco Firewall in years. Can someone tell me what I need to tell him.

0
ajdratch
Asked:
ajdratch
  • 2
  • 2
1 Solution
 
stsonlineCommented:
The syntax is:

static (interface of real IP, interface of NATd IP) <NAT> <real> netmask <mask of real IP>

So assuming you wanted to NAT an inside IP 192.168.1.100 to an outside NAT of 12.34.56.78, the command would be:

static (inside,outside) 12.34.56.78 192.168.1.100 netmask 255.255.255.255
0
 
PugglewuggleCommented:
That does look right. However, if that command does not work, you need to use the interface keyword, making it look something like this (where you replace the other IP address with the right address).
static (inside,outside) interface 192.168.1.100 netmask 255.255.255.255  
Also, stsonline forgot one thing - he forgot to setup an access-list to allow incoming connections.
You would need two more lines that look something like this where X is the port you need open.:
access-list outside_access_in permit ip any interface outside eq X
access-group outside_access_in interface outside
If you want more specific commands, get the config from him and post if here and I'll give you what you need to get it working.
Cheers!
0
 
ajdratchAuthor Commented:
I am looking to NAT a public IP 5.5.5.5 to a private IP 192.168.1.5. I need this for all ports. This is actually inside a large network so 5.5.5.5 is not really on the Internet but it is coming into the outside interface and being redirected to a device on the inside
0
 
PugglewuggleCommented:
static (inside,outside) 5.5.5.5 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit ip any host 5.5.5.5
access-group outside_access_in interface outside
Cheers!
0
 
ajdratchAuthor Commented:
This was what I needed
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now