Solved

NAT question

Posted on 2014-12-17
6
90 Views
Last Modified: 2015-01-06
How do I do a IP address translation from one IP to the other? for ex. in my case, i will be doing an inside ip address of a router that will be translated into another local ip address.
0
Comment
Question by:Shark Attack
  • 3
  • 3
6 Comments
 
LVL 5

Expert Comment

by:jkeegan123
ID: 40505383
When you NAT, there is always a device that will be doing the NAT.  Traffic is sent to the device (typically a default gateway) and traffic LEAVES the device translated with a new header, and a NAT table is kept so that traffic can RETURN to the sending device.

If you want to NAT an INSIDE address to another INSIDE address, that could be slightly more complicated.  Can you please provide more details?

- Your segment has a router
- Your PC/device that needs to NAT is on the same subnet as the router
- You want to translate the device's IP to another IP ... what is that IP?  Is it another IP on the same subnet?

If you could give general answers so that we knew the WHY of what you were trying to do, this would make answering easy.

Thanks~!
0
 
LVL 1

Author Comment

by:Shark Attack
ID: 40505431
take a look at the atatched. asa is where Im at. going to the router via l2l tunnel. I need nat translate from 172.28.5.40 NAT'd to 192.168.10.9 which is the route to dms'z they installed. does that make sense?
map.pdf
0
 
LVL 5

Accepted Solution

by:
jkeegan123 earned 500 total points
ID: 40505468
If you want to NAT before the VPN happens, and assuming that "interesting traffic" is already defined as source:192.168.10.9, then you'll need to setup a Policy-NAT to change traffic to this IP:

1. Setup a GLOBAL IP address of the IP that you want to translate to with a NAT ID.
2. Setup an access-list defining that traffic that you want to NAT (what source IP, what destination IP)
3. Setup a NAT statement to do the NAT using the NAT ID established in step 1

global (outside) 10 192.168.10.9
access-list policy-nat permit ip host 172.28.5.40 any
nat (inside) 10 access-list policy-nat

(2nd statement says that 172.28.5.40 will be NAT'd to 192.168.10.9 no matter WHAT the destination is).
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:Shark Attack
ID: 40505493
im assumingthat there might be asa between the router and dsl modem there. when i show the show ip nat statistics/trans I dont get anything so Im assuming the asa does that, I do not have access to the ASA there. would it make more sense to do this on that router inside interface or on my asa?
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 40505590
what version of Cisco ASA software (show ver) are you running?
0
 
LVL 1

Author Comment

by:Shark Attack
ID: 40505594
ASA5520 8.2
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
VPN 101 - how and which protocol? 9 66
DNS on-premise and on-cloud 15 69
gns3 with layer 3 switch 6 32
cisco switch stacking 6 35
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now