RAMU CH
asked on
Maximum PAT translations through Cisco ASA 5510 Firewall
Hi,
Here are my queries, which are regularly killing my mind. Please help with them.
a) What is the maximum number of PAT translations over the ASA 5510 and ASA 5520?
b) What maximum number of connections is okay over the 5510 and 5520? Basically, what is meant by "CONNECTION" in firewall technology?
c) I have PATted my whole INSIDE and two DMZ interfaces with an interface IP, which translates RAW data and IPSEC data. Is that good for the future, given that all translations are happening over only one IP address?
4) Any troubleshooting document about NAT / access lists / DMZ zones and security levels, connections and translations etc., so that I can read it and gain expertise in firewall technologies?
Regards
Ramu
What type of licenses do you have for both? Base? Sec. Plus?
Hi,
By default, one can configure 65535 PAT addresses on a single firewall. PAT is nothing but post address translation. In simple words, PAT means it will convert an IP address into another IP address when going to the outside network, if PAT is configured on the firewall, and this is possible only if NAT is enabled on the firewall. The configuration will be as below:
ASA# Config t
ASA(Conf-t)# Nat-Control
ASA(Conf-t)# Static (inside,outside) w.x.y.z (PAT while going outside the inside IP address) x.x.x.x (real IP address of inside network)
ASA(Conf-t)# static (DMZ,outside) w.x.y.z (PAT while going outside the inside IP address) x.x.x.x (real IP address of DMZ network)
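Question (c) is about everything being PATted behind one interface address. As an added example (not part of any post in this thread), this Python script counts PAT translations per mapped address from `show xlate` text and compares the count with the 65535 figure quoted in the answer above. The output line shape, the sample addresses and the 80% threshold are assumptions.

```python
import re
from collections import Counter

# Figure quoted in the answer above, used here as the assumed per-address ceiling.
PAT_CEILING = 65535

# Assumed line shape of PAT entries in "show xlate" output:
#   PAT Global <mapped-ip>(<port>) Local <real-ip>(<port>)
XLATE_RE = re.compile(
    r"PAT Global (?P<gip>\d+\.\d+\.\d+\.\d+)\((?P<gport>\d+)\)\s+"
    r"Local (?P<lip>\d+\.\d+\.\d+\.\d+)\((?P<lport>\d+)\)"
)

# Constructed sample output (documentation address ranges), not from a real device.
SAMPLE = """\
5 in use, 9 most used
PAT Global 192.0.2.1(1024) Local 10.1.1.5(51234)
PAT Global 192.0.2.1(1025) Local 10.1.1.5(51240)
PAT Global 192.0.2.1(1026) Local 10.1.1.9(40000)
PAT Global 192.0.2.1(1027) Local 172.16.1.20(33000)
PAT Global 192.0.2.1(1028) Local 172.16.2.7(500)
"""

def summarize(output, ceiling=PAT_CEILING):
    """Count PAT entries per mapped address and per real host."""
    per_global, per_local = Counter(), Counter()
    for line in output.splitlines():
        m = XLATE_RE.search(line)
        if not m:
            continue  # header lines and non-PAT entries are skipped
        per_global[m["gip"]] += 1
        per_local[m["lip"]] += 1
    usage = {ip: n / ceiling for ip, n in per_global.items()}
    return per_global, per_local, usage

def over_threshold(usage, threshold=0.8):
    """Mapped addresses whose share of the ceiling exceeds `threshold`."""
    return sorted(ip for ip, frac in usage.items() if frac > threshold)

if __name__ == "__main__":
    per_global, per_local, usage = summarize(SAMPLE)
    for ip, n in per_global.items():
        print(f"{ip}: {n} PAT xlates ({usage[ip]:.4%} of {PAT_CEILING})")
    print("busiest real hosts:", per_local.most_common(2))
    print("near exhaustion:", over_threshold(usage))
```

With a single mapped address, the per-host counts show which inside or DMZ host is consuming the shared translation slots.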
ASKER
Hi,
Mine is Sec-Plus License
Regards
Ramu
ASKER
Hi,
Pls reply
Regards
Ramu
ASKER CERTIFIED SOLUTION
ASKER
Thanks