thanks Vibhor for the reply

mudasir05 · ‎10-20-2014

Hello All,

I have a Cisco ASA 5545 connected to my ISP Router,also i have three servers on which i want bidirectional traffic to pass through the ASA.I want to assign private addresses to these three servers but in different range.

Kindly let me know what is the best way to NAT them.Also all these servers have registered domain names but i want to conserve my public ips.

Hope you got my point.

Thanks

Vibhor Amrodia · ‎10-20-2014

Hi,

I think this should be possible with the Auto NAT statements on the ASA device.

You want the 3 Servers in different ranges mean different Networks ? If yes , you would need to configure multiple interfaces with the servers and create the corresponding NAT statement.

This will be the Syntax:-

object network <Object Name>

host <Private server IP>

nat (Real Interface , <Mapped Interface) static Mapped IP

You need an ACL to allow the Inbound traffic and this will be something like this:-

access-list Outside-in permit ip any <Private IP >

Thanks and Regards,

Vibhor Amrodia

mudasir05 · ‎10-20-2014

thanks Vibhor for the reply,

i was just simulating this lab in my GNS3 however i don't see object network command there,instead its showing object-group command,

Kindly let me know the difference

Thanks

Vibhor Amrodia · ‎10-20-2014

Hi,

Difference should be the version on the ASA device. These commands were only introduced after ASA 8.3 and above.

The ASA 5545 device will only work on ASA 8.6 + so the command that i provided would work fine on that.

Thanks and Regards,

Vibhor Amrodia

mudasir05 · ‎10-20-2014

Hi,

so can i use network group command and will it serve the same purpose.

Thanks

Vibhor Amrodia · ‎10-21-2014

Hi,

No , you would not be able to use the NAT statement with the object-groups. These are only used with object command.

Thanks and Regards,

Vibhor Amrodia

Cisco ASA Natting