Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Need to NAT Addresses to Inside Servers

Hopefully this is the correct group to post this question, if it should be in the VPN group i can post there.

We are going to setup a L2L VPN with a vendor and they asked us to NAT a couple IP addresses for remote access to a couple of servers on our inside network. Our device is an ASA 5580 with version 8.1 and we have a handfull of public IP addresses for use if needed.

The vendor's remote network is a public IP address but for this posting I will use 192.168.10.0. Our inside servers are 10.100.10.20 and 10.100.10.30. Because 10.100.10 is in use with another customer they asked us to NAT 10.77.97.20 and 10.77.97.30 to the two inside servers. I'm comfortable with the VPN setttings but I would appreciate guidance with the NAT configuration.

Thanks in advance.

Jeff

Everyone's tags (6)
2 REPLIES

Need to NAT Addresses to Inside Servers

HI

You need to know the port that you need to NAT.

The the config mode

ip nat inside sourcer static PROTOCOL (TCP, udp, etc) IP_destination PORT#Destination interface SOURCE Port#External

Example:

ip nat inside source static udp 172.17.128.11 21 interface ATM0.1 21

Hope this helps!

Best Regards.

VIP Purple

Re: Need to NAT Addresses to Inside Servers

For this setup you need to configure policy NAT. With that, the translation is depending on the remote Network.

1) Configure an ACL describing the communication that has to be NATted (10.100.10.20 and 10.100.10.30 to the customer-network)

2) In your nat or static statement (static if the remote end needs to establish sessins to the server, nat if only your server establishes the connection) you use that ACL to restrict the NAT to only the defined communication.

The exact configuration is explained in the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/cfgnat.html#wp1042553

Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
220
Views
0
Helpful
2
Replies