Solved

Setup incoming one to one NAT

Posted on 2008-10-08
5
214 Views
Last Modified: 2012-05-05
I am dealing with someone that is the administrator of a Cisco Firewall. I need him to setup a 1 -1 NAT so I can use a public IP address to get to a device on his network. He does not know how to do this and I have not touch a Cisco Firewall in years. Can someone tell me what I need to tell him.

0
Comment
Question by:ajdratch
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:stsonline
ID: 22671926
The syntax is:

static (interface of real IP, interface of NATd IP) <NAT> <real> netmask <mask of real IP>

So assuming you wanted to NAT an inside IP 192.168.1.100 to an outside NAT of 12.34.56.78, the command would be:

static (inside,outside) 12.34.56.78 192.168.1.100 netmask 255.255.255.255
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22672158
That does look right. However, if that command does not work, you need to use the interface keyword, making it look something like this (where you replace the other IP address with the right address).
static (inside,outside) interface 192.168.1.100 netmask 255.255.255.255  
Also, stsonline forgot one thing - he forgot to setup an access-list to allow incoming connections.
You would need two more lines that look something like this where X is the port you need open.:
access-list outside_access_in permit ip any interface outside eq X
access-group outside_access_in interface outside
If you want more specific commands, get the config from him and post if here and I'll give you what you need to get it working.
Cheers!
0
 

Author Comment

by:ajdratch
ID: 22672464
I am looking to NAT a public IP 5.5.5.5 to a private IP 192.168.1.5. I need this for all ports. This is actually inside a large network so 5.5.5.5 is not really on the Internet but it is coming into the outside interface and being redirected to a device on the inside
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22672531
static (inside,outside) 5.5.5.5 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit ip any host 5.5.5.5
access-group outside_access_in interface outside
Cheers!
0
 

Author Closing Comment

by:ajdratch
ID: 31504342
This was what I needed
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CUCM how to add a new extension number to a user that has one & also has phone assigned to him to 3 33
cisco VIRL 3 44
Access List 2 18
Cisco Router help 5 50
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now