08-15-2007 08:04 PM - edited 03-11-2019 03:58 AM
I wonder whether we can configure time-based static NAT, i.e. during office hours my private IP is NATted to one public IP, but after office hours the IP should be NATted to a different public IP? Is it possible in any way?
08-15-2007 10:18 PM
Hi,
You can use time based access lists for control
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/a1_72.html#wp1444018
but NAT cannot be done based on time. Instead you could try using policy NAT, if that solves your purpose, using source and destination address, but here time-based access lists will not be supported
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042553
Raj
08-15-2007 11:09 PM
Hi
As previous poster said you cannot do NAT based on time but it would be relatively easy to write a script that logs onto your firewall, clears the xlate for that static and then sets up a different static translation.
Jon
08-16-2007 04:13 AM
Can you please provide me a sample script ?
08-16-2007 04:44 AM
Hi
I will try and dig one out that I did a while back to do a similar sort of thing.
Couple of questions
1) Are you familiar with Tcl/TK
2) Are you familiar with Perl
Do you have a linux/unix box to run the script from or will it be a windows box.
Jon
08-16-2007 04:59 AM
Nope, I am not familiar with either of the scripting languages you mentioned, but just provide me a sample script; it's my lookout to understand it.
Thanks in advance!
08-16-2007 05:00 AM
It will be a Windows box where I would like to run the script from!
Thanks very much
08-16-2007 05:04 AM
Okay, no problem. As it's windows it might take a bit of time to dig out so bear with me.
Jon
08-17-2007 07:40 PM
You can install Perl on Windows (aka ActivePerl). You will also need the Windows version of the Net::Telnet & Net::Telnet::Cisco modules. Adjust passwords and IP accordingly. Once you have the script working, just schedule it using Windows.
=================================
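#!/usr/bin/perl
# Adjust the interpreter path above accordingly.
use strict;
use warnings;
use Net::Telnet::Cisco;

my $passwd        = 'telnet_passwd';
my $enable_passwd = 'enable_passwd';
my $pix           = '192.168.1.1';

my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);
$session->prompt('/[\$%#>] $/');
$session->login('pix', $passwd);
$session->enable($enable_passwd);
# Send one command per cmd() call so each prompt is matched in turn.
$session->cmd('conf t');
# Remove the existing static, then add the replacement translation.
$session->cmd('no static (inside,outside) 10.10.10.10 10.10.10.10');
$session->cmd('static (inside,outside) 11.11.11.11 10.10.10.10');
$session->close;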
==============
I've never configured a Perl script to use SSH, but I suppose it's possible.
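The time decision and command ordering discussed in this thread (remove the old static, clear the xlate, add the new static), shown as an added example that is not any poster's script. It only builds and prints the command list as a dry run; the office hours, the after-hours address 192.0.2.20 and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed schedule and addresses; adjust to your environment.
my %cfg = (
    local_ip   => '10.10.10.10',
    office_ip  => '11.11.11.11',    # public IP used in the script above
    after_ip   => '192.0.2.20',     # constructed placeholder for after hours
    start_hour => 9,
    end_hour   => 18,
    workdays   => { map { $_ => 1 } 1 .. 5 },    # localtime wday: Mon..Fri
);

# Return the public IP that should be mapped at the given epoch time.
sub wanted_global {
    my ($epoch) = @_;
    my ($hour, $wday) = (localtime $epoch)[2, 6];
    my $office = $cfg{workdays}{$wday}
        && $hour >= $cfg{start_hour}
        && $hour <  $cfg{end_hour};
    return $office ? $cfg{office_ip} : $cfg{after_ip};
}

# Build the ordered commands to move from $current to $wanted.
# Returns an empty list when the right static is already in place,
# so a scheduled run makes no change outside the switch-over times.
sub build_commands {
    my ($current, $wanted) = @_;
    return () if defined $current && $current eq $wanted;
    my @cmds = ('configure terminal');
    push @cmds, "no static (inside,outside) $current $cfg{local_ip}"
        if defined $current;
    # Clear the existing translation so the old mapping stops being used.
    push @cmds, "clear xlate local $cfg{local_ip}";
    push @cmds, "static (inside,outside) $wanted $cfg{local_ip}", 'exit';
    return @cmds;
}

# Dry run: in real use $current would be read from the firewall's
# running configuration before deciding what to send.
my $current = $cfg{office_ip};
print "$_\n" for build_commands($current, wanted_global(time));
```

Each printed line can be passed to a separate `$session->cmd()` call in the Telnet script above.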