Solved

Need to Nat a source IP on a Cisco ASA 5520

Posted on 2010-09-16
9
589 Views
Last Modified: 2012-05-10
I need to be able to nat the source ip. The connection is originating on a lower sercurity level port...
(low to high)
0
Comment
Question by:axl13
9 Comments
 
LVL 16

Expert Comment

by:InteraX
ID: 33693695
Do you need to nat the entire IP or just a port?

nat (srcint,dstint) <dstip> <srcip> mask <snmask>
0
 

Author Comment

by:axl13
ID: 33693794
I just need the source IP address nated, not the destination...
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33694744
You always have a destination - Network address translation, translation means 2
You need to be more specific
like if you could post the parts of the config where things need to be done e.g. interfaces, existing static and global / nat statements - just change the ip's for security reasons
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:axl13
ID: 33694829

Source ip 140.152.14.214 (security level 0)
desttination ip 192.168.179.66 (security level 18)

all ready in place:  static (high, low) 192.168.179.66  192.168.179.66  netmask 255.255.255.255

We need to do a NAT on the source ip from 140.152.14.214 to 192.168.01
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 33694917
static (outside,inside) 192.168.0.1 140.152.14.214

/Kvistofta
0
 

Author Comment

by:axl13
ID: 33701970
does not translate the source ip address.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33702019
Yes it does.

static (inside,outside) which is the most common usage translates the destination address for traffic coming from outside to inside. For traffic from inside to outside it translates the source address.

The opposite static (outside,inside) translates the source address for trffic coming from outside to inside. For traffic from inside to outside it translates the destination address.

/Kvistofta
0
 

Author Comment

by:axl13
ID: 33702069

static (low,high) xxx.xxx.14.214 xx.xx.0.1 netmask 255.255.255.255

from the logs:

Sep 17 10:41:58  %ASA-6-302014: Teardown TCP connection 399839793 for eport:xxx.xxx.14.214/48377 to oft-ei:xxx.xxx.179.66/8080 duration 0:00:30 bytes 0 SYN Timeout
Sep 17 10:42:05  %ASA-6-302014: Teardown TCP connection 399839936 for eport:xxx.xxx.14.214/48403 to oft-ei:xxx.xxx.179.66/8080 duration 0:00:30 bytes 0 SYN Timeout

0
 

Author Closing Comment

by:axl13
ID: 33755006
I just need to reverse the ip address and it worked... Thanks
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
anyconnect password change 2 36
OSPF Question 12 62
eigrp routing loop 5 41
ISP Change 14 50
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question