Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

In and Out NAT question

Hi All,

I have a scenario i am trying to configure.

I have 2 internal hosts behind 2 different internal interfaces with private ip networks. (Network A and Network B).

I also have 2 public IP's i am using to hide NAT traffic going to the internet.

(IP 1 for Network A and IP 2 For Network B).

The Problem:

I have one internet host that needs to access an internal IP in Network B using the public IP 1.

I am using ASDM to configure it all, using Dynamic NAT for the outgoing traffic and Static Policy NAT for the incoming traffic, but i guess this is wrong because it simply doesn't work.

I also tried using static policy NAT for both incoming and outgoing traffic without success.

Can someone tell me if there is a solution and what is it?

Thanks,

Ziv

4 REPLIES
Community Member

Re: In and Out NAT question

ok friend if i understand your problem so the solution will be :

global(outside) 1 ip-public 1

global(outside) 2 ip-public 2

nat(inside1) 1 network a

nat(inside2) 2 network b

static(inside2,outside) public3 Pri-ip-Net2

access-list any-name permit any public3

access-group any-name in int outside

you must use a 3th public ip to assigne it for the internal host by useing static command

pleas if this don't solue your problem can you send me the info in more detiled

bye

Community Member

Re: In and Out NAT question

First of all thanks for you answer.

So in other words what you are saying is that i can't use 1 IP address for both incoming and outgoing connections?

Community Member

Re: In and Out NAT question

Hi friend :

No you can use 1 ip for in and out but you have to write the comand in more detiled e.g

static(inside,outside)tcp ip1 port1 ip2 port2

but in your case you don't expline that

bec if you don't spesfied a port so you will use this public to this privaite in all connections.

i wish you understand what i talk about .

bye

Community Member

Re: In and Out NAT question

hello,

i have a same problem with ASA 5505

I have just one Ip public and it's doesn't work with

static ( inside,outside )tcp interface www 192.168.1.1/32 wwww

but with a pix 501 that work fine but not with ASA ?

Do you have a solution ?

165
Views
0
Helpful
4
Replies
CreatePlease to create content