Solved

static NAT

Posted on 2013-01-01
Last Modified: 2013-01-02
Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?



access-list nat1 extended permit ip 192.168.1.0 255.255.255.0 host 10.20.20.20
static (outside, inside) 10.50.50.50 access-list nat1


Thanks!
Question by:trojan81

Expert Comment

by:Ernie Beek
ID: 38735815
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html#wp1074755

Accepted Solution

by:
max_the_king earned 500 total points
ID: 38735825
Hi,
That is a policy static NAT; you can read the following link for a full explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1088419

Basically, you're telling the ASA to use the IP address 10.50.50.50 whenever an IP in the LAN 192.168.1.0 255.255.255.0 wants to get an IP connection to host 10.20.20.20.

hope this helps
max

Expert Comment

by:thpipfh
ID: 38735923

Author Comment

by:trojan81
ID: 38736675
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When 192.168.0.1 on the inside talks to 10.20.20.20 on the outside, destination NAT it so that after the NAT is done it will look like this:
192.168.0.1 sending traffic to destination 10.50.50.50

Does that sound correct?

Expert Comment

by:max_the_king
ID: 38736798
Yes trojan81, where I may assume 10.50.50.50 comes from another interface, such as a DMZ or something routed from above.

max