Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
4
Replies

In and Out NAT question

zivmosery
Level 1
Level 1

‎06-05-2007 01:19 AM - edited ‎03-11-2019 03:24 AM

Hi All,

I have a scenario i am trying to configure.

I have 2 internal hosts behind 2 different internal interfaces with private ip networks. (Network A and Network B).

I also have 2 public IP's i am using to hide NAT traffic going to the internet.

(IP 1 for Network A and IP 2 For Network B).

The Problem:

I have one internet host that needs to access an internal IP in Network B using the public IP 1.

I am using ASDM to configure it all, using Dynamic NAT for the outgoing traffic and Static Policy NAT for the incoming traffic, but i guess this is wrong because it simply doesn't work.

I also tried using static policy NAT for both incoming and outgoing traffic without success.

Can someone tell me if there is a solution and what is it?

Thanks,

Ziv

Labels:
0 Helpful
4 Replies 4

emad.silicon
Level 1
Level 1

‎06-05-2007 03:15 AM

ok friend if i understand your problem so the solution will be :

global(outside) 1 ip-public 1

global(outside) 2 ip-public 2

nat(inside1) 1 network a

nat(inside2) 2 network b

static(inside2,outside) public3 Pri-ip-Net2

access-list any-name permit any public3

access-group any-name in int outside

you must use a 3th public ip to assigne it for the internal host by useing static command

pleas if this don't solue your problem can you send me the info in more detiled

bye

0 Helpful

zivmosery
Level 1
Level 1
In response to emad.silicon

‎06-05-2007 03:52 AM

First of all thanks for you answer.

So in other words what you are saying is that i can't use 1 IP address for both incoming and outgoing connections?

0 Helpful

emad.silicon
Level 1
Level 1
In response to zivmosery

‎06-06-2007 02:33 AM

Hi friend :

No you can use 1 ip for in and out but you have to write the comand in more detiled e.g

static(inside,outside)tcp ip1 port1 ip2 port2

but in your case you don't expline that

bec if you don't spesfied a port so you will use this public to this privaite in all connections.

i wish you understand what i talk about .

bye

0 Helpful

JACKY NIGLIO
Level 1
Level 1
In response to emad.silicon

‎06-11-2007 02:34 PM

hello,

i have a same problem with ASA 5505

I have just one Ip public and it's doesn't work with

static ( inside,outside )tcp interface www 192.168.1.1/32 wwww

but with a pix 501 that work fine but not with ASA ?

Do you have a solution ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card