05-22-2012 01:27 AM
Hi Guys
Need some help: what does the following mean? It has been taken from an ASA. What do 2 and 5 and 4 mean, and how is it tied to interfaces? Can someone explain?
global (External) 2 X.X.X.X
global (External) 3 10.0.0.1
global (External) 5 172.1.31.1
global (Internal) 4 192.168.16.20
nat (External) 4 access-list ABC outside
nat (Internal) 0 access-list nonat-out-in
nat (Internal) 2 access-list VPN-NAT-Source
nat (Internal) 3 access-list VVC_nat
nat (Internal) 5 access-list GTT-out
05-22-2012 02:07 AM
Hi,
I think there are two interfaces on the ASA named as External and internal.
The nat 2 and 5 correspond to the traffic that originated from hosts behind the internal interface and is destined for the external interface.
An access list has been applied to the internal interface which specifies the source and a destination, and an external command is applied with the same number. For example:
nat (Internal) 5 access-list GTT-out
global (External) 5 172.1.31.1
Let's say that the access-list GTT-out is:
access-list GTT-out permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
Now if this is the configuration, then the hosts behind the ASA (10.10.10.0/24), when they go to 192.168.10.0/24, will get NATed to 172.1.31.1.
To get exactly what these commands are doing, we need to go through the show run configuration of the ASA.
To understand it more deeply, please go through the link: http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/nat_82.pdf
Let me know if this helps.
Thanks,
Vishnu Sharma
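The pairing by NAT ID described in the reply above, as an added example that is not part of the original thread: it groups the nat and global lines from the question by their ID and reports which interface is translated to which address. It assumes pre-8.3 ASA syntax, where nat 0 with an access-list is NAT exemption and has no global; the function name pair_by_nat_id is hypothetical.

```python
import re
from collections import defaultdict

# Config lines as posted in the question (X.X.X.X is the poster's own redaction).
CONFIG = """\
global (External) 2 X.X.X.X
global (External) 3 10.0.0.1
global (External) 5 172.1.31.1
global (Internal) 4 192.168.16.20
nat (External) 4 access-list ABC outside
nat (Internal) 0 access-list nonat-out-in
nat (Internal) 2 access-list VPN-NAT-Source
nat (Internal) 3 access-list VVC_nat
nat (Internal) 5 access-list GTT-out
"""

LINE = re.compile(r"^(nat|global) \((\S+)\) (\d+) (.+)$")

def pair_by_nat_id(config):
    """Group nat and global statements by NAT ID and describe each pairing."""
    nats, globals_ = defaultdict(list), defaultdict(list)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a nat/global statement
        kind, ifc, nat_id, rest = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        (nats if kind == "nat" else globals_)[nat_id].append((ifc, rest))
    report = {}
    for nat_id in sorted(set(nats) | set(globals_)):
        if nat_id == 0:
            # Assumption (pre-8.3 syntax): nat 0 + access-list is NAT exemption, no global expected.
            report[nat_id] = [f"exempt: {ifc} {rest}" for ifc, rest in nats[nat_id]]
        elif not globals_.get(nat_id):
            report[nat_id] = ["nat without matching global"]
        elif not nats.get(nat_id):
            report[nat_id] = ["global without matching nat"]
        else:
            # Real interface and match criteria -> mapped interface and address.
            report[nat_id] = [f"{s_ifc} [{match}] -> {d_ifc} {pool}"
                              for s_ifc, match in nats[nat_id]
                              for d_ifc, pool in globals_[nat_id]]
    return report

if __name__ == "__main__":
    for nat_id, rows in pair_by_nat_id(CONFIG).items():
        for row in rows:
            print(nat_id, row)
```

On the posted lines, ID 4 comes out in the opposite direction to IDs 2, 3 and 5: its nat is on External and its global is on Internal.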
05-22-2012 04:43 AM
Hi Vishnu
Thanks, and very good explanation. I need to know one more thing: what does
nat (Internal) 0 access-list nonat-out-in mean in the above? Secondly, my understanding is that the number of rules should match the number of rules for outside; for example, 2 to 5 are there in global but they are not the same in nat. Thirdly, what does the difference between global and nat mean? My last question is: what is nat-control, and if you put this command, do I have to do NAT for all subnets or? Thanks again.