NAT explanation

The_guroo_2
Level 2

Hi Guys

I need some help. What does the following mean? It has been taken from an ASA. What do 2, 5 and 4 mean, and how are they tied to interfaces? Can someone explain?

global (External) 2 X.X.X.X

global (External) 3 10.0.0.1

global (External) 5 172.1.31.1

global (Internal) 4 192.168.16.20

nat (External) 4 access-list ABC outside

nat (Internal) 0 access-list nonat-out-in

nat (Internal) 2 access-list VPN-NAT-Source

nat (Internal) 3 access-list VVC_nat

nat (Internal) 5 access-list GTT-out

2 Replies

Vishnu Sharma
Level 1

Hi,

I think there are two interfaces on the ASA named as External and internal.

The nat 2 and 5 correspond to the traffic that originated from hosts behind the Internal interface and is destined for the External interface.

An access list is applied to the Internal interface which specifies the source and destination, and an external command is applied with the same number. For example,

nat (Internal) 5 access-list GTT-out

global (External) 5 172.1.31.1

Let's say that the access-list GTT-out is:

access-list GTT-out permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0

Now, if this is the configuration, then the hosts behind the ASA (10.10.10.0/24), when they go to 192.168.10.0/24, will get NATted to 172.1.31.1.

To get exactly what these commands are doing, we need to go through the show run configuration of the ASA.

To understand it more deeply, please go through the link: http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/nat_82.pdf

Let me know if this helps.

Thanks,

Vishnu Sharma
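The pairing described above (a nat id on one interface matched to the global of the same id, with nat 0 as an exemption) can be checked mechanically. The following is an added example written for this thread, not code from the original post or from Cisco: it parses a constructed pre-8.3 fragment, resolves which global address a given source/destination flow would be translated to, and lists nat ids that have no matching global. The ACL bodies other than GTT-out are assumptions.

```python
import ipaddress

# Constructed pre-8.3 ASA fragment in the syntax the thread discusses. The ACL
# bodies are assumptions: the post only shows GTT-out, the others are made up.
CONFIG = """
global (External) 2 203.0.113.10
global (External) 5 172.1.31.1
nat (Internal) 0 access-list nonat-out-in
nat (Internal) 2 access-list VPN-NAT-Source
nat (Internal) 3 access-list VVC_nat
nat (Internal) 5 access-list GTT-out
access-list nonat-out-in permit ip 10.10.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list VPN-NAT-Source permit ip 10.10.10.0 255.255.255.0 10.30.0.0 255.255.0.0
access-list GTT-out permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
"""

def _net(addr, mask):
    # ipaddress accepts dotted netmask notation, e.g. 10.10.10.0/255.255.255.0
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    """Split the fragment into id->global address, ordered nat entries, and ACLs."""
    globals_, nats, acls = {}, [], {}
    for line in config.strip().splitlines():
        p = line.split()
        if p[0] == "global":                              # global (ifc) ID ADDRESS
            globals_[int(p[2])] = p[3]
        elif p[0] == "nat" and p[3] == "access-list":     # nat (ifc) ID access-list NAME
            nats.append((p[1].strip("()"), int(p[2]), p[4]))
        elif p[0] == "access-list" and p[2:4] == ["permit", "ip"]:
            acls.setdefault(p[1], []).append((_net(p[4], p[5]), _net(p[6], p[7])))
    return globals_, nats, acls

def translate(config, src, dst):
    """Return (nat id, address the source is translated to) for one flow.

    nat 0 entries are exemptions and are evaluated before policy NAT, so a flow
    matched there comes back as (0, None): it is not translated at all.
    """
    globals_, nats, acls = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _ifc, nat_id, acl in sorted(nats, key=lambda n: n[1] != 0):  # nat 0 first
        if any(s in sn and d in dn for sn, dn in acls.get(acl, [])):
            return nat_id, (None if nat_id == 0 else globals_.get(nat_id))
    return None, None                                     # no nat rule matched this flow

def unpaired(config):
    """Policy nat ids that have no global with the same id (a config audit check)."""
    globals_, nats, _ = parse(config)
    return sorted({nat_id for _, nat_id, _ in nats if nat_id and nat_id not in globals_})
```

Running `translate(CONFIG, "10.10.10.5", "192.168.10.7")` returns `(5, "172.1.31.1")`, and `unpaired(CONFIG)` reports id 3, whose nat line has no global counterpart in the constructed fragment.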

Hi Vishnu

Thanks, and a very good explanation. I need to know one more thing: what does

nat (Internal) 0 access-list nonat-out-in mean in the above? Secondly, my understanding is that the number of rules should match the number of rules for outside; for example, 2 to 5 are there in global but they are not the same in nat. Thirdly, what is the difference between global and nat? My last question is, what is nat-control, and if you put this command, do I have to do NAT for all subnets, or? Thanks again.