Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1407
Views
0
Helpful
3
Replies

NAT from private IP address

Go to solution
dianewalker
Level 1
Level 1

‎03-29-2010 07:39 AM

We have an ASA 5550.  How do you write a NAT statement from the inside private IP 192.168.100.1(server) to a public IP address?

Thanks.

Diane

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-29-2010 08:13 AM 

dianewalker wrote:
We have an ASA 5550.  How do you write a NAT statement from the inside private IP 192.168.100.1(server) to a public IP address?
Thanks.
Diane

Diane

static (inside,outside) 192.168.100.1 netmask 255.255.255.255

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to dianewalker

‎03-29-2010 02:36 PM 

dianewalker wrote:
Thanks for your prompt response, Jon.
Another question: Instead of NATTING each individual private IP address to each individual public IP address, can you also NATTING the entire subnet?  For example, can you do this?
static (inside,outside)  192.168.100.0 netmask 255.255.255.0
Also, would you recommend natting each individual IP address or the entire subnet?
Thanks.
Diane

Diane

Apologies, i missed your response.

No your static wouldn't work because with static NAT as above you need a one to one mapping so with your static above the firewall would have no way of knowing which 192.168.100.x address to map to the public IP.

You could do this -

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

where the public IP subnet has a subnet mask of 255.255.255.

For static NAT i would recommend only Natting the IPs you have to for security purposes as much as anything else.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-29-2010 08:13 AM 

dianewalker wrote:
We have an ASA 5550.  How do you write a NAT statement from the inside private IP 192.168.100.1(server) to a public IP address?
Thanks.
Diane

Diane

static (inside,outside) 192.168.100.1 netmask 255.255.255.255

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

0 Helpful

Go to solution
dianewalker
Level 1
Level 1
In response to Jon Marshall

‎03-29-2010 09:22 AM

Thanks for your prompt response, Jon.

Another question: Instead of NATTING each individual private IP address to each individual public IP address, can you also NATTING the entire subnet?  For example, can you do this?

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

Also, would you recommend natting each individual IP address or the entire subnet?

Thanks.

Diane

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to dianewalker

‎03-29-2010 02:36 PM 

dianewalker wrote:
Thanks for your prompt response, Jon.
Another question: Instead of NATTING each individual private IP address to each individual public IP address, can you also NATTING the entire subnet?  For example, can you do this?
static (inside,outside)  192.168.100.0 netmask 255.255.255.0
Also, would you recommend natting each individual IP address or the entire subnet?
Thanks.
Diane

Diane

Apologies, i missed your response.

No your static wouldn't work because with static NAT as above you need a one to one mapping so with your static above the firewall would have no way of knowing which 192.168.100.x address to map to the public IP.

You could do this -

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

where the public IP subnet has a subnet mask of 255.255.255.

For static NAT i would recommend only Natting the IPs you have to for security purposes as much as anything else.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents