Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Hopelessly lost, again, re: NAT'ing with NAT control on

I am sadly lost, again, and need help.

Everything I thought I knew about NAT'ing seems completely backwards.

I am struggling to understand an existing config.

Here are the pertinent lines:

interface GigabitEthernet0/0

description ASA_NET_227.76.40.19/28

nameif Primary_Public

security-level 10

ip address 227.76.40.19 255.255.255.248 standby 227.76.40.20

nat-control

global (Primary_Public) 1 interface

static (Production,Primary_Public) 227.76.41.0 172.20.41.0 netmask 255.255.255.0

To me, as I understand it, the interface Primary_Public is the global interface = OUTSIDE interface.

But, breaking down the static NAT rule, I thought it was:

static (inside, outside) "inside address" "outside address" netmask 255.255.255.0, where we are mapping an entire subnet.

But this makes no sense to me. How can a public address like 227.76.41.0 be considered an "inside address"?

Especially when the interface Primary_Public is declared an outside interface, yet contains an IP address within the subnet that is now stated to be "inside" within the static nat rule.

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions

Hopelessly lost, again, re: NAT'ing with NAT control on

Hello Paul,

You are confused... ASA 8.2 or lower versions speaking the sintax is like this:

static (local interface, global interface) global_ip local_ip

That is the way the static's are build on an asa runing a version 8.2 or lower

Regards,

Do rate all the helpful posts

Julio

Security Networking Engineer

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
3 REPLIES

Hopelessly lost, again, re: NAT'ing with NAT control on

Hello Paul,

You are confused... ASA 8.2 or lower versions speaking the sintax is like this:

static (local interface, global interface) global_ip local_ip

That is the way the static's are build on an asa runing a version 8.2 or lower

Regards,

Do rate all the helpful posts

Julio

Security Networking Engineer

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Hopelessly lost, again, re: NAT'ing with NAT control on

Thanks Julio.

The material I was looking at was clearly not accurate.

Hopelessly lost, again, re: NAT'ing with NAT control on

Hello Paul,

My pleasure to know I can help

Regards,

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
365
Views
0
Helpful
3
Replies