Cisco Support Community
New Member

ASA Nat help required

Hi,

We have an Internet router with a public IP pool (144.xxxx series). It is connected to the ASA firewall, on the ASA's Outside interface.

Our requirement is that we need to access that router from the Inside interface with some private IP pool (10.xx.xx). One of the servers hosted in the DMZ location will fetch the config of the router.

Will a static NAT on the ASA, 10.xxx to 144.xxx, help me in that case, along with an access list (port 22), as the config will be fetched over the SSH protocol?

How do we do the routing in that case?

Thanks, Subhojit

2 REPLIES
New Member

ASA Nat help required

Hi,

Small addition: we would like to do the NAT something like that, Outside to Inside. Normally, we do Inside to Outside.

Br/Subhojit

New Member

Re: ASA Nat help required

Hi,

I am not sure if I got it right from you. Correct me if I am wrong.

You have an Internet router that is connected to the ASA's outside interface and you want to manage this router from an inside network, let's say, 10.1.1.0/24, using SSH. However, I didn't get the DMZ and server part.

If this is the case, try this:

static (outside,inside) 10.1.1.10 144.xxx.xxx.xxx netmask 255.255.255.255

You do not need an ACL applied to the inside interface to allow SSH traffic to it because, by default, traffic is allowed from a higher-security interface to a lower-security interface.

However, I wonder why you want to apply this scenario. Why wouldn't you simply connect the router's mgmt interface to a dedicated management subnet?

Regards,

AM
