A NAT QUESTION - is this sensible?

Unanswered Question
Jan 13th, 2009
User Badges:

I have a server 10.1.2.5 which is on a 10.1.0.0 network and have users located in another network - 192.168.0.0. I need these (192.168) users to be able to reach this server. Assuming that the INSIDE network is the 192.168.0.0 network I assume I want to set-up a static nat translation on this network to enable users in 192.168.0.0 to reach this server. I am assuming that the syntax is going to be “ip nat (inside, outside) 10.1.2.5 192.168.2.5”


This says in plain English “Any requests coming from the inside network ie 192.168.0.0 to the host 10.1.2.5 should be translated to a new host address of 192.168.2.5”.


The request then gets routed to the 192.168 network and is forwarded to the 192.168.2.5 server.

IS THIS SYNTAX CONFIG CORRECT ?

thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marwan ALshawi Tue, 01/13/2009 - 03:52
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

from above command it looks like ASA or pix


for the static nat

it works tow way


if ur inside network is in subnet 192.168

and outside is 10.1


and u have server in the outside with ip 10.1.2.5

and u use the bellow nat line

static (inside, outside) 10.1.2.5 192.168.2.5


lets say the inside network is 192.168.2.0

ant host in the inside network send traffic to 192.168.2.5 will be trnslated to 10.1.2.5 and sent to that server and vice versa for returne traffic

by the wayt make sure ur trafic not block in or out


good luck

hope this helps

ciscosrini369 Tue, 01/13/2009 - 04:01
User Badges:

if u r accessing from inside to dmz then u dont need natting, if its from inside to outside netwrok u have to NAT


--srini

Marwan ALshawi Tue, 01/13/2009 - 13:08
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

hi guys


if the access fron inside to DMZ nating should be used it nat control enabled on the firewall


static nat work tow ways

if u use nat 0 nat exmption u can exmpt nat

nat identity works one way

and nating with extended ACL works tow ways


regarding that these and ACL to permit traffic


hope this helps

Actions

This Discussion