
Static NAT

Level 1

I wonder whether we can configure time-based static NAT, i.e. during office hours my private IP is NATted to one public IP, but after office hours the IP should be NATted to a different public IP? Is it possible in any way?


rajbhatt
Level 3

Hi,

You can use time based access lists for control

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/a1_72.html#wp1444018

but NAT cannot be done based on time. Instead you could try using policy NAT, if that solves your purpose, using source and destination address, but here time-based access lists will not be supported.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042553

Raj

Jon Marshall
Hall of Fame

Hi

As previous poster said you cannot do NAT based on time but it would be relatively easy to write a script that logs onto your firewall, clears the xlate for that static and then sets up a different static translation.

Jon

Can you please provide me a sample script?

Hi

I will try and dig one out that I did a while back to do a similar sort of thing.

Couple of questions

1) Are you familiar with Tcl/TK

2) Are you familiar with Perl

Do you have a linux/unix box to run the script from or will it be a windows box.

Jon

Nope, I am not familiar with either of the scripting languages you mentioned, but just provide me a sample script; it is my lookout to understand it.

Thanks in advance!

It will be a Windows box where I would like to run the script from!

Thanks very much

Okay, no problem. As it's Windows it might take a bit of time to dig out, so bear with me.

Jon

You can install Perl on Windows (aka ActivePerl). You will also need the Windows version of the Net::Telnet and Net::Telnet::Cisco modules. Adjust passwords and IP accordingly. Once you have the script working, just schedule it using Windows.

=================================

#!/usr/bin/perl -w
# Adjust the interpreter path above accordingly.
use strict;
use Net::Telnet::Cisco;

my $passwd        = 'telnet_passwd';
my $enable_passwd = 'enable_passwd';
my $pix           = '192.168.1.1';

# Log in to the PIX over telnet and enter enable mode.
my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);
$session->prompt('/[\$%#>] $/');
$session->login('pix', $passwd);
$session->enable($enable_passwd);

# Send one command per cmd() call so each waits for its own prompt.
$session->cmd('conf t');
$session->cmd('no static (inside,outside) 10.10.10.10 10.10.10.10');
$session->cmd('static (inside,outside) 11.11.11.11 10.10.10.10');
$session->close;

==============

I've never configured a Perl script to use SSH, but I suppose it's possible.
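
The approach the thread arrives at (a scheduled script that removes one static, clears the xlate and adds the other), written out as an added example that is not from any poster in this thread: it picks the mapped address from the local time, builds the command list, and reads the passwords from environment variables instead of storing them in the script. The office-hours window, the second public address 192.0.2.12, the PIX_* variable names and the use of `clear xlate local` are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed values: 10.10.10.10 and 11.11.11.11 follow the script above,
# 192.0.2.12 is a placeholder for the after-hours public address.
my $REAL_IP   = '10.10.10.10';
my %MAPPED_IP = (
    office => '11.11.11.11',
    after  => '192.0.2.12',
);

# Assumed schedule: office hours are Monday to Friday, 09:00-17:59 local time.
sub period_for {
    my ($hour, $wday) = @_;    # $wday: 0 = Sunday ... 6 = Saturday
    return ($wday >= 1 && $wday <= 5 && $hour >= 9 && $hour < 18) ? 'office' : 'after';
}

# Remove the other period's static, clear its translation, add the new static.
sub nat_commands {
    my ($period) = @_;
    my $old = $MAPPED_IP{ $period eq 'office' ? 'after' : 'office' };
    my $new = $MAPPED_IP{$period};
    return (
        'configure terminal',
        "no static (inside,outside) $old $REAL_IP",
        "clear xlate local $REAL_IP",
        "static (inside,outside) $new $REAL_IP",
    );
}

my ($hour, $wday) = (localtime)[2, 6];
my @commands = nat_commands(period_for($hour, $wday));

# Dry run: without PIX_HOST set, print the commands and touch nothing.
unless ($ENV{PIX_HOST}) {
    print "$_\n" for @commands;
    exit 0;
}

# Credentials come from the environment (hypothetical variable names).
defined $ENV{$_} or die "$_ is not set\n" for qw(PIX_PASSWD PIX_ENABLE_PASSWD);

require Net::Telnet::Cisco;    # loaded only when a session is really opened
my $session = Net::Telnet::Cisco->new(Host => $ENV{PIX_HOST}, Timeout => 30);
$session->prompt('/[\$%#>] $/');
$session->login('pix', $ENV{PIX_PASSWD});
$session->enable($ENV{PIX_ENABLE_PASSWD});
$session->cmd($_) for @commands;
$session->close;
```

Scheduled once at the start and once at the end of office hours, each run installs the static for the period that has just begun.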
