Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA v8.3 How to tell public address presented to Internet???

Hello All,

Using the CLI on an ASA 5510 with ver8.3 (old style NAT) how can I tell what public IP Address is presented to an internet web server when my internal natted clients visit a website?

If I do a:

sh run  | i nat

I get:

nat-control
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (wifi) 1 0.0.0.0 0.0.0.0

Which is not really what I'm looking for! :)

I normally sort this out by going to www.whatismyipaddress.com but can't be doing this from every site!

Cheers

T

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

There has to be a

There has to be a corresponding "global (outside) 1 ..." command in your config. There you see which IP you use or you see that the ASA is using the IP of the outside interface.

BTW: That's an ASA version <= 8.2, not 8.3. ASAv8.3 was the first release with the new syntax.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
VIP Purple

That's exactly how it works.

That's exactly how it works. The keyword "interface" is just a placeholder for the actual address of the outgoing interface. You can use a different address instead. For setups where more public addresses are available, I always use a different IP and not the one on the interface.

BTW: All the NAT-stuff is explained in the config-guides (link to 8.2, link to 8.4).


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
4 REPLIES
VIP Purple

There has to be a

There has to be a corresponding "global (outside) 1 ..." command in your config. There you see which IP you use or you see that the ASA is using the IP of the outside interface.

BTW: That's an ASA version <= 8.2, not 8.3. ASAv8.3 was the first release with the new syntax.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Hi Karsten,Many thanks for

Hi Karsten,

Many thanks for this. Sorry for late reply... traveling back from the SYD office!

Well spotted on ver! I have these things all over the world and they're all on different versions.  As an ASA noob it took me a while to figure out there was quite a major difference between versions and why I was finding it incredibly hard to learn! What worked on one firewall, wouldn't work on another :) I have many splinters in my fingers now from all the head scratching!

So I have:

global (outside) 1 interface
global (outside_dr_isp) 1 interface

Which means it's using the address on the interface, right? And if I wanted to use a different address (that I own of course), can I just change it using:

global (outside) 1 ip_address
global (outside_colt) 1 interface

Or is there more to it than that?

Cheers

T

 

 

VIP Purple

That's exactly how it works.

That's exactly how it works. The keyword "interface" is just a placeholder for the actual address of the outgoing interface. You can use a different address instead. For setups where more public addresses are available, I always use a different IP and not the one on the interface.

BTW: All the NAT-stuff is explained in the config-guides (link to 8.2, link to 8.4).


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Brilliant. Thanks for your

Brilliant. Thanks for your help.

64
Views
0
Helpful
4
Replies