Routing with Static-NAT-Mappings

Unanswered Question
Feb 19th, 2012

Hello,

We are using a Cisco 5510 with three networks connected - inside, outside, wlan. We assigned several port-mappings between the external network and internal servers. These external addresses are not reachable from the wlan and internal hosts. All internal and WLAN traffic is NATed through the outside interface.

All the traffic gets routed through our service-provider.

Here are the lines from the config I think might be relevant.

Please give us any pointers on how to fix our problem.

Thanks

Fabian

ASA Version 7.0(7)
!

interface Ethernet0/0.6
vlan 6
nameif airport
security-level 30
no ip address
!
interface Ethernet0/0.7
vlan 7
nameif outside
security-level 0
ip address 11.11.11.170 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.10.10.130 255.255.255.0
!
dns domain-lookup outside
dns domain-lookup inside

same-security-traffic permit intra-interface
access-list 101 extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list policy_nat_imapssl1 extended permit ip host 10.10.10.158 any
access-list policy_nat_imapssl2 extended permit ip host 10.10.10.158 any
access-list policy_nat_www3 extended permit ip host 10.10.10.247 any
access-list inbound_outside extended permit tcp 11.11.11.0 255.255.255.0 host 11.11.11.212 eq 993
access-list inbound_outside extended permit tcp any host 11.11.11.212 eq 993
access-list inbound_outside extended permit tcp any host 11.11.11.214 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.215 eq www
access-list inbound_outside extended permit tcp any host 11.11.11.215 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.216 eq 9080
access-list inbound_outside extended permit tcp any host 11.11.11.217 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.217 eq www
access-list inbound_outside extended permit tcp any host 11.11.11.243 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.243 eq www
access-list inbound_outside extended permit tcp any host 11.11.11.219 eq 8080
access-list inbound_outside extended permit tcp any host 11.11.11.218 eq 8080
access-list inbound_outside extended permit tcp any host 11.11.11.120 eq 8080
access-list policy_nat_www4 extended permit ip host 10.10.10.180 any
access-list policy_nat_sirius extended permit ip host 10.10.10.238 any
access-list policy_nat_ariel extended permit ip host 10.10.10.218 any
access-list policy_nat_ariel2 extended permit ip host 10.10.10.219 any
nat-control
global (outside) 1 11.11.11.190
nat (inside) 0 access-list 101

static (inside,outside) 11.11.11.212 access-list policy_nat_imapssl1
static (inside,outside) 10.10.10.158 access-list policy_nat_imapssl2
static (inside,outside) 11.11.11.215 access-list policy_nat_www3
static (inside,outside) 11.11.11.211 access-list policy_nat_www4
static (inside,outside) 11.11.11.216 access-list policy_nat_sirius
static (inside,outside) 11.11.11.217 access-list policy_nat_ariel
static (inside,outside) 11.11.11.243 access-list policy_nat_ariel2
access-group inbound_outside in interface outside
route outside 0.0.0.0 0.0.0.0 11.11.11.171 1
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
!
service-policy global_policy global
