Cisco Support Community
New Member

Translation Assistance (NAT)

Hi All,

I have a simple question.

Can I NAT in the ASA to an address that does not belong to the ASA itself?

In other words...

I have used NAT many times to translate the inside LANs to an address of the outside range of the ASA (but when the IP address assigned to the OUTSIDE interface belongs to this range)...

In this case, I need to translate the inside LAN to a public IP address, but both the inside & outside of the ASA are private IP addresses.

I cannot NAT on the directly connected device to the internet, so I was wondering if I can NAT on the ASA (even though the public IP address does not belong to the ASA), and create a route to point to the ASA....

Does it make sense?

Can somebody help me please?

Thank you!

Federico.

4 REPLIES

Re: Translation Assistance (NAT)

Sure, this is possible:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 5.5.5.5

route 5.5.5.5/32 on the outside router to the outside IP of the ASA 192.168.0.1

Regards,

Roman

New Member

Re: Translation Assistance (NAT)

OK, but I don't understand how it works...

For example:

If I do what you describe, I have to tell the External Router that the IP 5.5.5.5 is on the interface facing the ASA. But that same router is going to have that IP on its interface facing the Internet...

Wouldn't that create a problem (a routing problem)?

Please clarify...

Thank you!

Federico.

Re: Translation Assistance (NAT)

Your ISP WAN connection is usually a /30 subnet, and the ISP usually assigns you another /29 or /28 IP subnet which you then route to the ASA.

If all you have is your /30, then you'll need to do NAT on the router, route private subnet to the ASA, and do no NAT on ASA ("nat-control" is by default disabled)

Let me know if it's still not clear.

Regards,

Roman
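
The two designs discussed in this thread, written out as configuration (an added example, not part of the original posts). It assumes the pre-8.3 ASA NAT syntax used in the reply above, a hypothetical inside LAN of 10.0.0.0/24, a hypothetical router inside address of 192.168.0.2, and hypothetical interface names; 5.5.5.5 and 192.168.0.1 are the values from the reply.

```cisco
! Added example. Constructed values: LAN 10.0.0.0/24, router inside IP
! 192.168.0.2, interface names. 5.5.5.5 and 192.168.0.1 come from the thread.
!
! ===== Design A: ISP routes an extra public address/block to you =====
! --- ASA (pre-8.3 syntax): PAT the inside LAN to 5.5.5.5 ---
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 5.5.5.5
route outside 0.0.0.0 0.0.0.0 192.168.0.2
! --- Edge router (IOS): no NAT, send 5.5.5.5 to the ASA outside IP ---
! 5.5.5.5 is not on any router interface; it is reached only via this route.
ip route 5.5.5.5 255.255.255.255 192.168.0.1
!
! ===== Design B: only the /30 WAN subnet is available =====
! --- ASA: no nat/global statements (nat-control disabled), just routing ---
route outside 0.0.0.0 0.0.0.0 192.168.0.2
! --- Edge router (IOS): overload NAT on the WAN address ---
interface GigabitEthernet0/0
 description WAN (/30 from ISP)
 ip nat outside
interface GigabitEthernet0/1
 description Link to ASA outside
 ip nat inside
access-list 10 permit 10.0.0.0 0.0.0.255
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 10.0.0.0 255.255.255.0 192.168.0.1
!
! ===== Verification =====
! ASA:    show xlate
! Router: show ip nat translations
```

In design B the ASA still enforces its access policy on the untranslated 10.0.0.0/24 traffic; only the translation point moves to the router.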

New Member

Re: Translation Assistance (NAT)

I have it clear now, thank you.

I have only a /30 which I have on the router, so I must NAT on the router.

Thank you.
