static NAT

Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?



access-list nat1 extended permit ip 192.168.1.0 255.255.255.0 host 10.20.20.20
static (outside, inside) 10.50.50.50 access-list nat1


Thanks!
trojan81Asked:
Who is Participating?
 
max_the_kingConnect With a Mentor Commented:
Hi,
that is a  policy static NAT: you can read the following link for full explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1088419

basically, you're telling ASA to use tha IP address 10.50.50.50 whenever an IP in the LAN 192.168.1.0 255.255.255.0 wants to get an IP connection to host 10.20.20.20.

hope this helps
max
0
 
Ernie BeekExpertCommented:
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html#wp1074755
0
 
thpipfhCommented:
0
 
trojan81Author Commented:
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When 192.168.0.1 on the inside talks to 10.20.20.20 on the outside, destination NAT it so that after the NAT is done it will look like this:
192.168.0.1 sending traffic to destination 10.50.50.50

Does that sound correct?
0
 
max_the_kingCommented:
Yes trojan81, where i may assume 10.50.50.50 comes from another interface, such as a dmz or something routed from above.

max
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.