Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NAT statement syntax 1-1 nat

Hello

I am looking for correct syntax to add a 1-to-1 NAT rule on my firewall VPN policy for a test ping connection to a server IP address in the remote data center network.

My local ip is loopback1 192.168.255.1

The remote server ip is 192.168.1.100

Which IP is added to the VPN policy?

sMc
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: NAT statement syntax 1-1 nat

Steve,

For version 8.2(3), a static NAT (1 to 1) would be the following.

static (inside,outside) 209.165.xxx.xxx 192.168.1.100 netmask 255.255.255.255

8 REPLIES
New Member

NAT statement syntax 1-1 nat

Can anyone provide some specific guidance on syntax and/or ASDM gui for this request?

sMc
Super Bronze

NAT statement syntax 1-1 nat

Hi,

I dont think I know how the setup actually is.

Since you now mentioned ASDM I assume that you are using an ASA/PIX firewall. Though in the original post you mentiond loopback1 which is not something an ASA/PIX would have.

Also generally traffic incoming from VPN connection are allowed access to the actual internal IP address and there usually is no need for Static NAT.

Also if you are actually looking to configure Static NAT then the firewall software level might play a part in what the NAT configuration format is. There was a major change in the configuration format between 8.2 and 8.3 software versions.

- Jouni

New Member

NAT statement syntax 1-1 nat

JouniForss

Thank you for the reply

This is an ASA5520.

My goal is to create a rule in my VPN tunnel to my data center to test a fail over option

This loopback ip will be statically natted to a server ip address that I currently have at a remote data center.

When I ping the ip, the tunnel should come up.

My loopback ip is 192.168.255.1
The Server ip is 192.168.1.100

These servers are used for SAP applications
    I have specific ranges of ports on my router QoS t oassure bandwidth for those apps
    Will I need tpo specify those same port ranges in the VPN tunnel policy?

sMc
New Member

NAT statement syntax 1-1 nat

Can anyone verify this syntax?

Does this syntax look correct to accomplish the 1-1 nat on the ASA required to make this work?

object network My_VPNTest

host 192.168.255.1    (looback1)

nat (inside,outside) static 192.168.1.100

sMc
New Member

Re: NAT statement syntax 1-1 nat

What iOS verison?

New Member

NAT statement syntax 1-1 nat

Rashid

Thank you for the reply

Cisco Adaptive Security Appliance Software Version 8.2(3)

Device Manager Version 6.3(3)

sMc
New Member

Re: NAT statement syntax 1-1 nat

Steve,

For version 8.2(3), a static NAT (1 to 1) would be the following.

static (inside,outside) 209.165.xxx.xxx 192.168.1.100 netmask 255.255.255.255

New Member

NAT statement syntax 1-1 nat

Rashid

Thank you for your guidance.

sMc
287
Views
0
Helpful
8
Replies
CreatePlease to create content