Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static Nat translation

There is one config that I can not figure out how to translate it over...

ip nat inside source static 10.4.200.29 27.166.58.194

ip nat inside source static 10.4.200.25 27.166.58.195

How do I do this on the ASA 8.2.5? (came from a 2800 router running ver 12.3(8r))

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Static Nat translation

hi shaun,

assuming you've already defined the inside and outside interfaces on your ASA, could you try:

static (inside,outside) 27.166.58.194 10.4.200.29 netmask 255.255.255.255

static (inside,outside) 27.166.58.195 10.4.200.25 netmask 255.255.255.255

4 REPLIES

Re: Static Nat translation

hi shaun,

assuming you've already defined the inside and outside interfaces on your ASA, could you try:

static (inside,outside) 27.166.58.194 10.4.200.29 netmask 255.255.255.255

static (inside,outside) 27.166.58.195 10.4.200.25 netmask 255.255.255.255

New Member

Static Nat translation

So it does not seem to do what I am expecting it to do.

I have a web server on each of those addresses, and the outside address is the 27.x.x.x and the ip address on the server is the 10.x.x.x

After adding the config you suggested, I can not access the web servers from the out side, is it possible i need to open an access list the ports as well?

Static Nat translation

Hello Shaun,

Yeah, You are missing the ACL.

On an ASA when going from a lower security level to a higher there is a requirement of an ACL in order to the traffic to be allowed.

access-list out-in permit tcp any host 27.x.x.x eq 80

acces-group out-in in interface outside

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Re: Static Nat translation

I agree with Julio. Traffic coming from the Internet with hit ACL first then your NAT rules.

Please help rate useful posts.

Sent from Cisco Technical Support iPhone App

145
Views
5
Helpful
4
Replies
CreatePlease login to create content