Static NAT

rajbhatt Wed, 08/15/2007 - 22:18
Hi,

You can use time-based access lists for control:



http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/a1_72.html#wp1444018


But NAT cannot be done based on time. Instead you could try using policy NAT, if that solves your purpose, using source and destination address, but here time-based access lists will not be supported.


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042553


Raj

Jon Marshall Wed, 08/15/2007 - 23:09
Hi


As the previous poster said, you cannot do NAT based on time, but it would be relatively easy to write a script that logs onto your firewall, clears the xlate for that static and then sets up a different static translation.


Jon

Jon Marshall Thu, 08/16/2007 - 04:44

Hi


I will try and dig one out that I did a while back to do a similar sort of thing.


A couple of questions:

1) Are you familiar with Tcl/Tk?

2) Are you familiar with Perl?

Do you have a Linux/Unix box to run the script from, or will it be a Windows box?


Jon

Jon Marshall Thu, 08/16/2007 - 05:04

Okay, no problem. As it's Windows it might take a bit of time to dig out, so bear with me.


Jon

srue Fri, 08/17/2007 - 19:40

You can install Perl on Windows (aka ActivePerl). You will also need the Windows version of the Net::Telnet & Net::Telnet::Cisco modules. Adjust passwds and IP accordingly. Once you have the script working, just schedule it using Windows.

=================================

#!/usr/bin/perl
# Adjust the interpreter path above to suit your system.
use strict;
use warnings;
use Net::Telnet::Cisco;

my $passwd        = 'telnet_passwd';
my $enable_passwd = 'enable_passwd';
my $pix           = '192.168.1.1';

# Log in over telnet and enter enable mode.
my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);
$session->prompt('/[\$%#>] $/');
$session->login('pix', $passwd);
$session->enable($enable_passwd);

# Send one command per call so each one waits for its own prompt.
$session->cmd('conf t');
$session->cmd('no static (inside,outside) 10.10.10.10 10.10.10.10');
$session->cmd('static (inside,outside) 11.11.11.11 10.10.10.10');
$session->close;

==============

I've never configured a Perl script to use SSH, but I suppose it's possible.
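
An added example, not part of any post in this thread: a Perl sketch of the scheduling side of the approach discussed above. It picks the mapped address for the current time, handles a window that crosses midnight, and prints the commands to send, including the xlate clear mentioned earlier in the thread. The schedule, the helper names and the exact `clear xlate local` form are assumptions; check the command syntax against your PIX/ASA version.

```perl
#!/usr/bin/perl
# Added example (not from the thread): choose the static for the current
# time and print the commands needed to switch to it.
use strict;
use warnings;

my $REAL = '10.10.10.10';    # real (inside) host, as in the thread

# Constructed schedule: [start, end, mapped address], HH:MM local time.
my @SCHEDULE = (
    [ '08:00', '18:00', '11.11.11.11' ],    # daytime mapping
    [ '18:00', '08:00', '10.10.10.10' ],    # overnight, wraps past midnight
);

sub minutes { my ($h, $m) = split /:/, shift; return $h * 60 + $m }

# Mapped address whose window contains $now (minutes since midnight).
sub mapped_for {
    my ($now) = @_;
    for my $w (@SCHEDULE) {
        my ($s, $e) = (minutes($w->[0]), minutes($w->[1]));
        my $in = $s <= $e ? ($now >= $s && $now < $e)
                          : ($now >= $s || $now < $e);    # crosses midnight
        return $w->[2] if $in;
    }
    return;    # no window matches: change nothing
}

# Commands to move $REAL from mapping $old to $new; empty if already correct.
sub plan {
    my ($old, $new) = @_;
    return () if !defined($new) || $old eq $new;
    return (
        'conf t',
        "no static (inside,outside) $old $REAL",
        "static (inside,outside) $new $REAL",
        'exit',
        "clear xlate local $REAL",    # assumed syntax: drop stale translations
    );
}

my ($min, $hour) = (localtime)[1, 2];
my $want    = mapped_for($hour * 60 + $min);
my $current = shift(@ARGV) // '10.10.10.10';    # mapping configured right now
print "$_\n" for plan($current, $want);
```

Pass the currently configured mapped address as the first argument; when it already matches the schedule the script prints nothing, so it can be scheduled to run repeatedly without re-applying the static.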
