New Member

natting on firewall

Hi all, can anyone tell me the command for NATting to the outside interface address for all my internal users' internet access? I know on my router it's ip nat inside source list 1 interface dialler1 overload.

What is the command on the ASA for this?

Thanks

6 REPLIES
Hall of Fame Super Blue

Re: natting on firewall

Carl

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Assuming you have called the inside interface "inside" and the outside interface "outside".

HTH

Jon

New Member

Re: natting on firewall

What is the global command used for here?

Hall of Fame Super Blue

Re: natting on firewall

The global command is needed to tie it to the relevant NAT command, i.e.

nat (inside) 1 0.0.0.0 0.0.0.0

says NAT all addresses arriving on the inside interface BUT it doesn't tell you what you want to NAT it to. That is what the global command does.

global (outside) 1 interface

Notice the same index number (1) has been used in the nat and global statements.

Jon

New Member

Re: natting on firewall

Hi

How would I do a static NAT translation on the ASA also?

New Member

Re: natting on firewall

Can you explain a little more on the global command and the outside command? i.e. do you need to specify the outside interface name, i.e. outside interface eth1?

Hall of Fame Super Blue

Re: natting on firewall

Hi Carl

Sorry I missed this before.

To answer your first question. To create a static translation

static (inside,outside) 217.75.10.2 192.168.5.1 netmask 255.255.255.255

means - present the internal address of 192.168.5.1 as 217.75.10.2 to the outside of the PIX.

As for the global command

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 217.66.10.5

means NAT all internal addresses to the IP address 217.66.10.5

using the command

global (outside) 1 interface

is just shorthand really to say NAT all inside addresses to the address of the PIX outside interface. You don't need to use the actual physical interface name, i.e. eth1, because the PIX/ASA device refers to the eth1 interface as "outside".

Hope this makes sense

Jon
