
Routing with Static-NAT-Mappings

Hello,

We are using a Cisco 5510 with three networks connected: inside, outside, and wlan. We assigned several port mappings between the external network and internal servers. These external addresses are not reachable from the wlan and internal hosts. All internal and WLAN traffic is NATed through the outside interface.

All the traffic gets routed through our service provider.

Here are the lines from the config I think might be relevant.

Please give us any pointers on how to fix our problem.

Thanks

Fabian

ASA Version 7.0(7)
!
interface Ethernet0/0.6
 vlan 6
 nameif airport
 security-level 30
 no ip address
!
interface Ethernet0/0.7
 vlan 7
 nameif outside
 security-level 0
 ip address 11.11.11.170 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.130 255.255.255.0
!
dns domain-lookup outside
dns domain-lookup inside
same-security-traffic permit intra-interface
access-list 101 extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list policy_nat_imapssl1 extended permit ip host 10.10.10.158 any
access-list policy_nat_imapssl2 extended permit ip host 10.10.10.158 any
access-list policy_nat_www3 extended permit ip host 10.10.10.247 any
access-list inbound_outside extended permit tcp 11.11.11.0 255.255.255.0 host 11.11.11.212 eq 993
access-list inbound_outside extended permit tcp any host 11.11.11.212 eq 993
access-list inbound_outside extended permit tcp any host 11.11.11.214 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.215 eq www
access-list inbound_outside extended permit tcp any host 11.11.11.215 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.216 eq 9080
access-list inbound_outside extended permit tcp any host 11.11.11.217 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.217 eq www
access-list inbound_outside extended permit tcp any host 11.11.11.243 eq https
access-list inbound_outside extended permit tcp any host 11.11.11.243 eq www
access-list inbound_outside extended permit tcp any host 11.11.11.219 eq 8080
access-list inbound_outside extended permit tcp any host 11.11.11.218 eq 8080
access-list inbound_outside extended permit tcp any host 11.11.11.120 eq 8080
access-list policy_nat_www4 extended permit ip host 10.10.10.180 any
access-list policy_nat_sirius extended permit ip host 10.10.10.238 any
access-list policy_nat_ariel extended permit ip host 10.10.10.218 any
access-list policy_nat_ariel2 extended permit ip host 10.10.10.219 any
nat-control
global (outside) 1 11.11.11.190
nat (inside) 0 access-list 101
static (inside,outside) 11.11.11.212 access-list policy_nat_imapssl1
static (inside,outside) 10.10.10.158 access-list policy_nat_imapssl2
static (inside,outside) 11.11.11.215 access-list policy_nat_www3
static (inside,outside) 11.11.11.211 access-list policy_nat_www4
static (inside,outside) 11.11.11.216 access-list policy_nat_sirius
static (inside,outside) 11.11.11.217 access-list policy_nat_ariel
static (inside,outside) 11.11.11.243 access-list policy_nat_ariel2
access-group inbound_outside in interface outside
route outside 0.0.0.0 0.0.0.0 11.11.11.171 1
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
!
service-policy global_policy global
