
Need to NAT a source IP on a Cisco ASA 5520

I need to be able to NAT the source IP. The connection is originating on a lower security level port... (low to high)
Asked by axl13

InteraX Commented:
Do you need to nat the entire IP or just a port?

nat (srcint,dstint) <dstip> <srcip> mask <snmask>

axl13 (Author) Commented:
I just need the source IP address NATed, not the destination...

Markus Braun (CEO) Commented:
You always have a destination - network address translation; translation means 2.
You need to be more specific, like if you could post the parts of the config where things need to be done, e.g. interfaces, existing static and global / nat statements - just change the IPs for security reasons.

axl13 (Author) Commented:

Source IP 140.152.14.214 (security level 0)
Destination IP 192.168.179.66 (security level 18)

Already in place:  static (high, low) 192.168.179.66  192.168.179.66  netmask 255.255.255.255

We need to do a NAT on the source IP from 140.152.14.214 to 192.168.01

Jimmy Larsson, CISSP, CEH (Network and Security consultant) Commented:
static (outside,inside) 192.168.0.1 140.152.14.214

/Kvistofta

axl13 (Author) Commented:
Does not translate the source IP address.

Jimmy Larsson, CISSP, CEH (Network and Security consultant) Commented:
Yes it does.

static (inside,outside), which is the most common usage, translates the destination address for traffic coming from outside to inside. For traffic from inside to outside it translates the source address.

The opposite, static (outside,inside), translates the source address for traffic coming from outside to inside. For traffic from inside to outside it translates the destination address.

/Kvistofta

axl13 (Author) Commented:

static (low,high) xxx.xxx.14.214 xx.xx.0.1 netmask 255.255.255.255

from the logs:

Sep 17 10:41:58  %ASA-6-302014: Teardown TCP connection 399839793 for eport:xxx.xxx.14.214/48377 to oft-ei:xxx.xxx.179.66/8080 duration 0:00:30 bytes 0 SYN Timeout
Sep 17 10:42:05  %ASA-6-302014: Teardown TCP connection 399839936 for eport:xxx.xxx.14.214/48403 to oft-ei:xxx.xxx.179.66/8080 duration 0:00:30 bytes 0 SYN Timeout

axl13 (Author) Commented:
I just need to reverse the ip address and it worked... Thanks
Question has a verified solution.
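
The argument order that resolved this thread, as an added example that is not part of the original posts: a simplified Python model of a pre-8.3 host `static (real_if,mapped_if) mapped_ip real_ip` entry, applied to the packet from the logs. The function names are hypothetical, the unmasked addresses are taken from the earlier posts (192.168.0.1 as written in the answer), and only /32 statics are modelled.

```python
import re
from ipaddress import ip_address

# Pre-8.3 syntax: static (real_if,mapped_if) mapped_ip real_ip [netmask m]
STATIC_RE = re.compile(
    r"static\s*\(\s*([\w-]+)\s*,\s*([\w-]+)\s*\)\s+(\S+)\s+(\S+)"
    r"(?:\s+netmask\s+(\S+))?\s*$")

def parse_static(line):
    """Parse a host static into a dict; only /32 entries are modelled."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError("not a static statement: %r" % line)
    real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
    if mask not in (None, "255.255.255.255"):
        raise ValueError("this model handles host statics only")
    return {"real_if": real_if, "mapped_if": mapped_if,
            "mapped_ip": ip_address(mapped_ip), "real_ip": ip_address(real_ip)}

def translate(rule, in_if, src, dst):
    """Return (src, dst) as seen after the firewall for one packet."""
    src, dst = ip_address(src), ip_address(dst)
    if in_if == rule["real_if"] and src == rule["real_ip"]:
        src = rule["mapped_ip"]      # entering the real side: source NAT
    elif in_if == rule["mapped_if"] and dst == rule["mapped_ip"]:
        dst = rule["real_ip"]        # entering the mapped side: destination un-NAT
    return str(src), str(dst)

def demo():
    # Mapped address first, real address second (the order that worked).
    good = parse_static(
        "static (low,high) 192.168.0.1 140.152.14.214 netmask 255.255.255.255")
    # Reversed order, reconstructed from the masked statement in the thread.
    bad = parse_static(
        "static (low,high) 140.152.14.214 192.168.0.1 netmask 255.255.255.255")
    pkt = ("low", "140.152.14.214", "192.168.179.66")
    return translate(good, *pkt), translate(bad, *pkt)

if __name__ == "__main__":
    fixed, reversed_order = demo()
    print("mapped-first order:", fixed)
    print("reversed order:    ", reversed_order)
```

With the reversed order the rule never matches the real source, so the packet reaches the destination untranslated.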