?
Solved

static NAT

Posted on 2013-01-01
5
Medium Priority
?
427 Views
Last Modified: 2013-01-02
Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?



access-list nat1 extended permit ip 192.168.1.0 255.255.255.0 host 10.20.20.20
static (outside, inside) 10.50.50.50 access-list nat1


Thanks!
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38735815
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html#wp1074755
0
 
LVL 16

Accepted Solution

by:
max_the_king earned 2000 total points
ID: 38735825
Hi,
that is a  policy static NAT: you can read the following link for full explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1088419

basically, you're telling ASA to use tha IP address 10.50.50.50 whenever an IP in the LAN 192.168.1.0 255.255.255.0 wants to get an IP connection to host 10.20.20.20.

hope this helps
max
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38735923
0
 

Author Comment

by:trojan81
ID: 38736675
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When 192.168.0.1 on the inside talks to 10.20.20.20 on the outside, destination NAT it so that after the NAT is done it will look like this:
192.168.0.1 sending traffic to destination 10.50.50.50

Does that sound correct?
0
 
LVL 16

Expert Comment

by:max_the_king
ID: 38736798
Yes trojan81, where i may assume 10.50.50.50 comes from another interface, such as a dmz or something routed from above.

max
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question