Static Nat and Nat 0

Unanswered Question
Nov 20th, 2007
User Badges:

Hi,


I have an ASA running ver 8.0.


I want to create a static NAT for one host residing on the LAN hanging off the inside interface.


All other traffic going through the firewall should not be natted (or natted to the same IP). Would this configuration work ok.


nat-control

static (inside,outside) 10.131.2.19 10.1.19.9

nat (inside) 0 access-list nonat

nat (outside) 0 access-list nonat


access-list nonat permit ip any any


Any advice on how to do this a better way would also be appreciated.


Cheers


Lee

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 11/20/2007 - 07:30
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Lee


nat-control

static (inside,outside) 10.131.2.19 10.1.19.9

nat (inside) 0 0.0.0.0 0.0.0.0


That should do the trick. The static takes preference over the NAT statement. The NAT statement just says do not NAT any traffic.


HTH


Jon

alanajjar Wed, 11/21/2007 - 01:34
User Badges:

Hi Lee,


If you dont want to nat all traffic , so dont use the nat-control command, because this command will pass only natted addresses, and if any address is not natted , it will by dropped.


To perform natting on a specific internal ip address, you can use:


nat(inside) 2 10.1.19.9 (INTERNAL IP)

global(ouside) 2 10.131.2.19 (EXTERNAL IP)


this will nat the internal address 10.2.19.9 to an external address 10.131.2.19.

Actions

This Discussion