05-19-2009 08:23 AM - edited 03-11-2019 08:34 AM
I have a general NAT question I hope you can help us with. We are converting from a large public ip address block (no NAT whatsoever) into a private address space using a combination of NAT / PAT, etc.
I think the ASA can do this without issue (version 8.04), but want to verify. On the Outside interface I have a completely different subnet than the public space I have inside. (Basically a /30 on the outside to the provider and a large /19 on the inside). Now, can I NAT this /19 to the Outside interface even though is is on a different subnet than the /30 assigned to the Outside?
Example (ip's changed to preserve the innocent):
Outside IP = 23.2.2.2 /30 (apologies to whoever owns this space)
Inside IP = 167.2.0.0 /19 (more apologies)
Can I NAT that 167.2.0.0 /19 to the Outside without issue?
Thanks for your assistance!
Jim
05-19-2009 08:25 AM
Jim
Yes no problem. I'm assuming you mean hide all the 167.2.0.0/19 addresses behind 23.2.2.2 ?
If so
nat (inside) 1 167.2.0.0 255.255.224.0
global (outside) 1 interface
If i have misunderstood let me know.
Jon
05-19-2009 08:38 AM
Thanks, Jon - that is part of it.
How about if we have public servers on an IP address example 167.2.1.1 (SMTP)? Can I simply create a statement like this and will this work? This host is currently assigned the public IP 167.2.1.1 right on its tcp/ip stack and it will now be assigned a private address like 10.1.226.223 (assume I have done all the routing inside correctly, etc).
static (Inside,Outside) tcp 167.2.1.1 25 10.1.226.223 25 netmask 255.255.255.255
Thanks for your help,
Jim
05-19-2009 08:41 AM
Jim
As long as any requests for 167.2.1.1 are routed to the outside interface of your ASA from the Internet then yes you should be fine.
Jon
05-19-2009 08:45 AM
Thanks, Jon. That is exactly what I wanted to verify.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: