Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT from private IP address

We have an ASA 5550.  How do you write a NAT statement from the inside private IP 192.168.100.1(server) to a public IP address?

Thanks.

Diane

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: NAT from private IP address

dianewalker wrote:

We have an ASA 5550.  How do you write a NAT statement from the inside private IP 192.168.100.1(server) to a public IP address?

Thanks.

Diane

Diane

static (inside,outside) 192.168.100.1 netmask 255.255.255.255

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Hall of Fame Super Blue

Re: NAT from private IP address

dianewalker wrote:

Thanks for your prompt response, Jon.

Another question: Instead of NATTING each individual private IP address to each individual public IP address, can you also NATTING the entire subnet?  For example, can you do this?

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

Also, would you recommend natting each individual IP address or the entire subnet?

Thanks.

Diane

Diane

Apologies, i missed your response.

No your static wouldn't work because with static NAT as above you need a one to one mapping so with your static above the firewall would have no way of knowing which 192.168.100.x address to map to the public IP.

You could do this -

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

where the public IP subnet has a subnet mask of 255.255.255.

For static NAT i would recommend only Natting the IPs you have to for security purposes as much as anything else.

Jon

3 REPLIES
Hall of Fame Super Blue

Re: NAT from private IP address

dianewalker wrote:

We have an ASA 5550.  How do you write a NAT statement from the inside private IP 192.168.100.1(server) to a public IP address?

Thanks.

Diane

Diane

static (inside,outside) 192.168.100.1 netmask 255.255.255.255

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

New Member

Re: NAT from private IP address

Thanks for your prompt response, Jon.

Another question: Instead of NATTING each individual private IP address to each individual public IP address, can you also NATTING the entire subnet?  For example, can you do this?

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

Also, would you recommend natting each individual IP address or the entire subnet?

Thanks.

Diane

Hall of Fame Super Blue

Re: NAT from private IP address

dianewalker wrote:

Thanks for your prompt response, Jon.

Another question: Instead of NATTING each individual private IP address to each individual public IP address, can you also NATTING the entire subnet?  For example, can you do this?

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

Also, would you recommend natting each individual IP address or the entire subnet?

Thanks.

Diane

Diane

Apologies, i missed your response.

No your static wouldn't work because with static NAT as above you need a one to one mapping so with your static above the firewall would have no way of knowing which 192.168.100.x address to map to the public IP.

You could do this -

static (inside,outside) 192.168.100.0 netmask 255.255.255.0

where the public IP subnet has a subnet mask of 255.255.255.

For static NAT i would recommend only Natting the IPs you have to for security purposes as much as anything else.

Jon

492
Views
0
Helpful
3
Replies