Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cisco ASA Natting

 

Hello All,

I have a Cisco ASA 5545 connected to my ISP Router,also i have three servers on which i want bidirectional traffic to pass through the ASA.I want to assign private addresses to these three servers but in different range.

Kindly let me know what is the best way to NAT them.Also all these servers have registered domain names but i want to conserve my public ips.

Hope you got my point.

 

Thanks

5 REPLIES
Cisco Employee

Hi,I think this should be

Hi,

I think this should be possible with the Auto NAT statements on the ASA device.

You want the 3 Servers in different ranges mean different Networks ? If yes , you would need to configure multiple interfaces with the servers and create the corresponding NAT statement.

This will be the Syntax:-

object network <Object Name>

host <Private server IP>

nat (Real Interface , <Mapped Interface) static Mapped IP

You need an ACL to allow the Inbound traffic and this will be something like this:-

access-list Outside-in permit ip any <Private IP >

Thanks and Regards,

Vibhor Amrodia

Community Member

 thanks Vibhor for the reply

 

thanks Vibhor for the reply,

i was just simulating this lab in my GNS3 however i don't see object network command there,instead its showing object-group command,

Kindly let me know the difference

Thanks

Cisco Employee

Hi,Difference should be the

Hi,

Difference should be the version on the ASA device. These commands were only introduced after ASA 8.3 and above.

The ASA 5545 device will only work on ASA 8.6 + so the command that i provided would work fine on that.

Thanks and Regards,

Vibhor Amrodia

Community Member

 Hi, so can i use network

 

Hi,

 

so can i use network group command and will it serve the same purpose.

 

Thanks

Cisco Employee

Hi,No , you would not be able

Hi,

No , you would not be able to use the NAT statement with the object-groups. These are only used with object command.

Thanks and Regards,

Vibhor Amrodia

60
Views
0
Helpful
5
Replies
CreatePlease to create content