Solved

static NAT

Posted on 2013-01-01
5
424 Views
Last Modified: 2013-01-02
Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?



access-list nat1 extended permit ip 192.168.1.0 255.255.255.0 host 10.20.20.20
static (outside, inside) 10.50.50.50 access-list nat1


Thanks!
0
Comment
Question by:trojan81
5 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38735815
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html#wp1074755
0
 
LVL 16

Accepted Solution

by:
max_the_king earned 500 total points
ID: 38735825
Hi,
that is a  policy static NAT: you can read the following link for full explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1088419

basically, you're telling ASA to use tha IP address 10.50.50.50 whenever an IP in the LAN 192.168.1.0 255.255.255.0 wants to get an IP connection to host 10.20.20.20.

hope this helps
max
0
 
LVL 1

Expert Comment

by:thpipfh
ID: 38735923
0
 

Author Comment

by:trojan81
ID: 38736675
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When 192.168.0.1 on the inside talks to 10.20.20.20 on the outside, destination NAT it so that after the NAT is done it will look like this:
192.168.0.1 sending traffic to destination 10.50.50.50

Does that sound correct?
0
 
LVL 16

Expert Comment

by:max_the_king
ID: 38736798
Yes trojan81, where i may assume 10.50.50.50 comes from another interface, such as a dmz or something routed from above.

max
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Lync - CUCM Integration Question 2 37
Vlan extend across 2 switches 16 27
Hit router interface limit 7 42
Cisco Router Security Commands. 2 31
There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question