• Status: Solved

NAT question

How do I do an IP address translation from one IP to the other? For example, in my case, I will be doing an inside IP address of a router that will be translated into another local IP address.
Asked by: Shark Attack
 
jkeegan123 Commented:
When you NAT, there is always a device that will be doing the NAT.  Traffic is sent to the device (typically a default gateway) and traffic LEAVES the device translated with a new header, and a NAT table is kept so that traffic can RETURN to the sending device.

If you want to NAT an INSIDE address to another INSIDE address, that could be slightly more complicated.  Can you please provide more details?

- Your segment has a router
- Your PC/device that needs to NAT is on the same subnet as the router
- You want to translate the device's IP to another IP ... what is that IP?  Is it another IP on the same subnet?

If you could give general answers so that we knew the WHY of what you were trying to do, this would make answering easy.

Thanks~!
 
Shark Attack (Network admin, Author) Commented:
Take a look at the attached. The ASA is where I'm at, going to the router via L2L tunnel. I need NAT translate from 172.28.5.40 NAT'd to 192.168.10.9 which is the route to dms'z they installed. Does that make sense?
map.pdf
 
jkeegan123 Commented:
If you want to NAT before the VPN happens, and assuming that "interesting traffic" is already defined as source:192.168.10.9, then you'll need to set up a Policy-NAT to change traffic to this IP:

1. Set up a GLOBAL IP address of the IP that you want to translate to with a NAT ID.
2. Set up an access-list defining the traffic that you want to NAT (what source IP, what destination IP).
3. Set up a NAT statement to do the NAT using the NAT ID established in step 1.

global (outside) 10 192.168.10.9
access-list policy-nat permit ip host 172.28.5.40 any
nat (inside) 10 access-list policy-nat

(2nd statement says that 172.28.5.40 will be NAT'd to 192.168.10.9 no matter WHAT the destination is).
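An added example, not part of the original answer or of any Cisco tooling: a small Python model of what the three statements above do, so the translation, the return path and the "interesting traffic" match can be checked on sample packets. It assumes the single-address global acts as port address translation; the class and function names, the mapped port numbering and the peer address 192.0.2.20 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class PolicyPat:
    """Toy model of: global (outside) 10 <mapped>  +  nat (inside) 10 access-list <acl>."""
    def __init__(self, mapped_ip, acl):
        self.mapped_ip = mapped_ip
        # acl: list of (source network, destination network) permit entries
        self.acl = [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in acl]
        self.xlate = {}        # mapped port -> (real ip, real port)
        self.next_port = 1024  # constructed numbering; a real device chooses its own

    def permitted(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        return any(src in s and dst in d for s, d in self.acl)

    def outbound(self, pkt):
        """Inside -> outside: translate only what the policy ACL permits."""
        if not self.permitted(pkt):
            return pkt
        key = (pkt.src, pkt.sport)
        port = next((p for p, real in self.xlate.items() if real == key), None)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.xlate[port] = key  # table entry that lets replies find their way back
        return Packet(self.mapped_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Outside -> inside: un-translate via the table, else None (no entry)."""
        real = self.xlate.get(pkt.dport) if pkt.dst == self.mapped_ip else None
        return Packet(pkt.src, pkt.sport, real[0], real[1]) if real else None

def matches_interesting_traffic(pkt, vpn_source):
    # The tunnel's "interesting traffic" is evaluated on the post-NAT source.
    return pkt.src == vpn_source

if __name__ == "__main__":
    nat = PolicyPat("192.168.10.9", [("172.28.5.40/32", "0.0.0.0/0")])
    out = nat.outbound(Packet("172.28.5.40", 40000, "192.0.2.20", 443))
    print(out, matches_interesting_traffic(out, "192.168.10.9"))
    print(nat.inbound(Packet("192.0.2.20", 443, "192.168.10.9", out.sport)))  # reply
    print(nat.inbound(Packet("192.0.2.20", 5555, "192.168.10.9", 3389)))      # unsolicited
```

The unsolicited case returns nothing because no table entry exists yet, which is why this dynamic form only serves connections initiated from 172.28.5.40.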
Shark Attack (Network admin, Author) Commented:
I'm assuming that there might be an ASA between the router and DSL modem there. When I run show ip nat statistics/trans I don't get anything, so I'm assuming the ASA does that. I do not have access to the ASA there. Would it make more sense to do this on that router inside interface or on my ASA?
 
jkeegan123 Commented:
What version of Cisco ASA software (show ver) are you running?
 
Shark Attack (Network admin, Author) Commented:
ASA5520 8.2