Many to One NAT with Cisco ASA

What is the script if the servers with 3 inside IPs (192.168.1.43~45) NAT to an outside IP (58.168.1.40)?
Asked by: chekfu
 
asavener Commented:
access-list NAT extended permit ip host 192.168.1.43 any
access-list NAT extended permit ip host 192.168.1.44 any
access-list NAT extended permit ip host 192.168.1.45 any
 
global (outside) 1 58.168.1.40
nat (inside) 1 access-list NAT
 
chekfu (Author) Commented:

Will it conflict? My firewall has the following script:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
 
chekfu (Author) Commented:
Many thanks!
 
asavener Commented:
Yes, it will conflict.

You need to modify the existing NAT statement:

access-list NAT-1 extended deny ip host 192.168.1.43 any
access-list NAT-1 extended deny ip host 192.168.1.44 any
access-list NAT-1 extended deny ip host 192.168.1.45 any
access-list NAT-1 extended permit ip any any
 
no nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 1 access-list NAT-1

Then add the new statements using a new Global address:

access-list NAT-2 extended permit ip host 192.168.1.43 any
access-list NAT-2 extended permit ip host 192.168.1.44 any
access-list NAT-2 extended permit ip host 192.168.1.45 any
 
global (outside) 2 58.168.1.40
nat (inside) 2 access-list NAT-2
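
An added example, not part of the thread and not Cisco's own code: a small Python audit that parses the `access-list`, `global` and `nat` lines quoted in this thread and reports which NAT IDs carry more than one global and which NAT IDs select each inside host. It assumes ACL entries are evaluated first-match, as the deny-then-permit list above intends; `aces`, `audit` and the host `192.168.1.50` are constructed for the illustration.

```python
import ipaddress

SERVERS = ["192.168.1.43", "192.168.1.44", "192.168.1.45"]
def parse(config):
    """Collect ACL entries, nat statements and global pools (syntax used in the thread)."""
    acls, nats, pools = {}, [], {}
    for t in map(str.split, config.splitlines()):
        if t[:1] == ["access-list"]:   # access-list NAME extended ACTION ip {host A|any} any
            src = t[6] if t[5] == "host" else "0.0.0.0/0"
            acls.setdefault(t[1], []).append((t[3], ipaddress.ip_network(src)))
        elif t[:1] == ["global"]:      # global (if) ID ADDRESS
            pools.setdefault(t[2], []).append(t[3])
        elif t[:1] == ["nat"]:         # nat (if) ID access-list NAME | nat (if) ID NET MASK
            src = t[4] if t[3] == "access-list" else ipaddress.ip_network(f"{t[3]}/{t[4]}")
            nats.append((t[2], src))
    return acls, nats, pools

def selects(src, acls, ip):
    """True if a nat statement's source selects ip (assumption: first-match ACL)."""
    if not isinstance(src, str):
        return ip in src
    return next((act == "permit" for act, net in acls.get(src, []) if ip in net), False)

def audit(config, hosts):
    """Return (NAT IDs with more than one global, NAT IDs selecting each host)."""
    acls, nats, pools = parse(config)
    shared = {i: g for i, g in pools.items() if len(g) > 1}
    hits = {h: [i for i, s in nats if selects(s, acls, ipaddress.ip_address(h))]
            for h in hosts}
    return shared, hits

def aces(name, action):
    return "\n".join(f"access-list {name} extended {action} ip host {h} any" for h in SERVERS)
FIRST = f"""global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
{aces('NAT', 'permit')}
global (outside) 1 58.168.1.40
nat (inside) 1 access-list NAT"""   # constructed: asker's lines plus first suggestion

REVISED = f"""{aces('NAT-1', 'deny')}
access-list NAT-1 extended permit ip any any
global (outside) 1 interface
nat (inside) 1 access-list NAT-1
{aces('NAT-2', 'permit')}
global (outside) 2 58.168.1.40
nat (inside) 2 access-list NAT-2"""  # constructed: end state of revised suggestion
if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("revised", REVISED)):
        print(name, audit(cfg, SERVERS + ["192.168.1.50"]))  # .50: constructed host
```

For the first set the audit shows each server selected twice under NAT ID 1, which also carries two globals; for the revised set each server is selected only by NAT ID 2 and the constructed host only by NAT ID 1.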
