Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to NAT with different public IPs in ASA 8.3?

Hi,

I'm starting up with a firewall project and I was wondering how to NAT. I have Cisco ASA 5510 with v.8.3.

I want to NAT different interfaces with different public IPs.

Outside is:

  • outside (interface 0/0)   x.x.x.87/24

I have three "inside" interfaces:

  • inside (interface 0/1.5)     192.168.5.1/24
  • wlan (interface 0/1.20)     192.168.20.1/24
  • guest (interface 0/1.60)     192.168.60.1/24

All traffic from inside should have public IP of x.x.x.87 (== outside)

All traffic from wlan should have IP of x.x.x.88

All traffic from guest should have IP of x.x.x.89

Should I do network objects of those public IPs and NAT different interfaces to those? Example would be great. Thanks...

Regards,

Petri

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: How to NAT with different public IPs in ASA 8.3?

Hi Petri,

its quite simple,

define global pools first,

global (outside) 1 interface

global (outside) 2 x.x.x.88

global (outside) 3 x.x.x.89

then nat rules

nat (inside) 1 192.168.5.0 255.255.255.0

nat (wlan) 2 192.168.20.0 255.255.255.0

nat (guest) 3 192.168.60.0 255.255.255.0

also don't forget to define nat0 access list for traffic you dont want to nat and apply it as follows

nat (inside) 0 acess-list nat0

nat (wlan) 0 acess-list nat0

nat (guest) 0 acess-list nat0

Regards,

Irakli

2 REPLIES
New Member

Re: How to NAT with different public IPs in ASA 8.3?

Hi Petri,

its quite simple,

define global pools first,

global (outside) 1 interface

global (outside) 2 x.x.x.88

global (outside) 3 x.x.x.89

then nat rules

nat (inside) 1 192.168.5.0 255.255.255.0

nat (wlan) 2 192.168.20.0 255.255.255.0

nat (guest) 3 192.168.60.0 255.255.255.0

also don't forget to define nat0 access list for traffic you dont want to nat and apply it as follows

nat (inside) 0 acess-list nat0

nat (wlan) 0 acess-list nat0

nat (guest) 0 acess-list nat0

Regards,

Irakli

New Member

Re: How to NAT with different public IPs in ASA 8.3?

Thanks Irakli for the quick reply.

BR,

Petri

790
Views
0
Helpful
2
Replies
CreatePlease to create content