Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

img
New Member

Static NAT

I wonder that can we configure Time based Static nat i.e During Office hours my private IP to be natted to a Public IP but after office hours the IP should be natted to a diffrent public IP ? is it possible any ways ?

8 REPLIES
New Member

Re: Static NAT

Hi,

You can use time based access lists for control

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/a1_72.html#wp1444018

but nat cannot be done based on time instead u could try using policy nat if that solves ur purpose using

source and destination address but here time based access lists will not be supported

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042553

Raj

Hall of Fame Super Blue

Re: Static NAT

Hi

As previous poster said you cannot do NAT based on time but it would be relatively easy to write a script that logs onto your firewall, clears the xlate for that static and then sets up a different static translation.

Jon

img
New Member

Re: Static NAT

Can you please provide me a sample script ?

Hall of Fame Super Blue

Re: Static NAT

Hi

I will try and dig one out that i did a while back to do a similiar sort of thing.

Couple of questions

1) Are you familiar with Tcl/TK

2) Are you familiar with Perl

Do you have a linux/unix box to run the script from or will it be a windows box.

Jon

img
New Member

Re: Static NAT

nup i am not familer with both the scripting you mentioned but just provide me sample script, my look out to understand it.

Thanks in advance!

img
New Member

Re: Static NAT

it will be a windows box where i would like to run the script from!

Thanks very much

Hall of Fame Super Blue

Re: Static NAT

Okay, no problem. As it's windows it might take a bit of time to dig out so bear with me.

Jon

Gold

Re: Static NAT

You can install perl on windows (aka activeperl). You will also need the Windows version of the net::telnet & net::telnet::cisco modules. Adjust passwds and IP accordingly. Once you have the script working, just schedule it using windows.

=================================

#!/usr/bin/perl -w (adjust this accordingly)

use Net::Telnet::Cisco;

$passwd = 'telnet_passwd';

$enable_passwd = 'enable_passwd';

$pix = '192.168.1.1';

{

my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);

$session->prompt('/[\$%#>] $/');

$session->login('pix', $passwd);

$session->enable($enable_passwd);

$session->cmd("conf t\nno static (inside,outside) 10.10.10.10 10.10.10.10\nstatic (inside,outside) 11.11.11.11 10.10.10.10");

}

==============

i've never configured a PeRL script to use ssh, but i suppose its possible.

129
Views
4
Helpful
8
Replies
CreatePlease to create content