Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

static NAT

Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?



access-list nat1 extended permit ip 192.168.1.0 255.255.255.0 host 10.20.20.20
static (outside, inside) 10.50.50.50 access-list nat1


Thanks!
0
trojan81
Asked:
trojan81
1 Solution
 
Ernie BeekExpertCommented:
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html#wp1074755
0
 
max_the_kingCommented:
Hi,
that is a  policy static NAT: you can read the following link for full explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1088419

basically, you're telling ASA to use tha IP address 10.50.50.50 whenever an IP in the LAN 192.168.1.0 255.255.255.0 wants to get an IP connection to host 10.20.20.20.

hope this helps
max
0
 
thpipfhCommented:
0
 
trojan81Author Commented:
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When 192.168.0.1 on the inside talks to 10.20.20.20 on the outside, destination NAT it so that after the NAT is done it will look like this:
192.168.0.1 sending traffic to destination 10.50.50.50

Does that sound correct?
0
 
max_the_kingCommented:
Yes trojan81, where i may assume 10.50.50.50 comes from another interface, such as a dmz or something routed from above.

max
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now