Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static nat

Hello,

Static nat is not working if i use the same public IP as the Outside interface.

Configuration example :

ASA Version 7.2(2)

interface Ethernet0/0

nameif outside

security-level 0

ip address 1.1.1.1 255.255.255.0

interface Ethernet0/1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

access-list inside_access_in extended permit ip any any

access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.57.0 255.255.255.0

access-list web extended permit tcp any host 1.1.1.1 eq www

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 1.1.1.1 192.168.1.250 netmask 255.255.255.255

access-group web in interface outside

access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 1.1.1.3 1

----

If i change the outside IP address with 1.1.1.2, the static nat is working.

If i change the PIX version with 7.1(1) the static nat is working if use the same public Ip address.

What is the difference between the 7.1(1) and the 7.2(2) ?

Thanks for your help

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Static nat

What services do you wish to forward to 192.168.1.250? Use port forwarding instead for each port you wish to forward...I did www and ftp below.

no static (inside,outside) interface 192.168.1.250 netmask 255.255.255.255

static (inside,outside) tcp interface www 192.168.1.250 www netmask 255.255.255.255

static (inside,outside) tcp interface ftp 192.168.1.250 ftp netmask 255.255.255.255

Please rate helpful posts.

4 REPLIES
Green

Re: Static nat

Change it to this...

static (inside,outside) interface 192.168.1.250 netmask 255.255.255.255

That should do the trick.

Please rate helpful posts.

New Member

Re: Static nat

Hello,

If i use this command :

static (inside,outside) interface 192.168.1.250 netmask 255.255.255.255

Its working, but i have this warning message :

WARNING: static redireting all traffics at outside interface;

WARNING: all services terminating at outside interface are disabled.

AND WEBVPN and VPN IPSEC CLIENT IS NOT WORKING

Green

Re: Static nat

What services do you wish to forward to 192.168.1.250? Use port forwarding instead for each port you wish to forward...I did www and ftp below.

no static (inside,outside) interface 192.168.1.250 netmask 255.255.255.255

static (inside,outside) tcp interface www 192.168.1.250 www netmask 255.255.255.255

static (inside,outside) tcp interface ftp 192.168.1.250 ftp netmask 255.255.255.255

Please rate helpful posts.

New Member

Re: Static nat

in asa doku it is said:

'Do not use a mapped address in the static command that is also defined in a global command for the same mapped interface'

345
Views
0
Helpful
4
Replies