11-07-2007 11:05 AM - edited 03-03-2019 05:43 AM
Hi all, can anyone tell me the command for natting to the outside interface address for all my internal users internet access, i know on my router its ip nat inside source list 1 interface dialler1 overload.
what is the command on the asa for this ?
thanks
11-07-2007 12:10 PM
Carl
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
Assuming you have called the inside interface "inside" and the outside interface "outside".
HTH
Jon
11-08-2007 01:34 AM
what is the global command used for here ?
11-08-2007 02:42 AM
The global command is needed to tie it to the relevant NAT command ie
nat (inside) 1 0.0.0.0 0.0.0.0
says NAT all addresses ariiving on the inside interface BUT it doesn't tell you what you want to NAT it to. That is what the global command does
global (outside) 1 interface
Notice the same index number (1) has been used in the nat and global statements.
Jon
11-08-2007 06:47 AM
Hi
how would i do a static nat translation on the asa also ?
11-08-2007 08:57 AM
can you explain a little more on the global command and the outside command ? ie do you need to specify the outside interface name ie outside interface eth1 ?
11-08-2007 12:09 PM
Hi Carl
Sorry i missed this before.
To answer your first question. To create a static translation
static (inside,outside) 217.75.10.2 192.168.5.1 netmask 255.255.255.255
means - present the internal address of 192.168.5.1 as 217.75.10.2 to the outside of the pix.
As for the global command
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 217.66.10.5
means Nat all internal address to the ip address 217.66.10.5
using the command
global (outside) 1 interface
is just shorthand really to say NAT all inside addresses to the address of the pix outside interface. You don't need to use the actual physical interface name ie. eth1 because the pix/asa device refers to the eth1 interface as "outside".
Hope this makes sense
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide