10-13-2009 01:52 AM - edited 03-04-2019 06:21 AM
Hi All,
I have to creat static nat for specific requirement.
Public IP to private ip in the LAN. Setup as follows:
Internet (Public IP) -> Router -> ASA firewall -> Server
* I use private ip range between router internal interface and ASA firewall Out side interface. could you please help on this.
Thanks.
Pradeepa
10-13-2009 02:28 AM
if i understand your requirement you will let only the router do the NAT ?
it is recommanded that the ASA does the NAT.
you can divide your public range using subnetting: you need 2 IPs for the subnet on the external interface of your router and the remaining for the internal one. so the ASA wil have one public IP and can do the NAT.
10-13-2009 04:22 AM
Hi,
Than you for the reply. but scenaio is bit different.Let me try to explain it further.
my setup is like this:
Public IP --> router --> Firewall --> server ion the LAN
What is required is:
1. router internal interface and Firewall external (outside) interface has private IP range
2. I am nating public ip which is in the same range as my router external interface IP.
3. at the router public IP will be nated to ip address within the range of router internal interface and ASA outside interface.
4. At the ASA this IP will be again nated to LAN IP (server) again.
Hope this is much clear. I'm ok with STATIC NAT, but got stuck with this.
Again thank you for your time :)
Cheers,
Pradeepa
10-13-2009 06:04 AM
Pradeepa
public IP = 195.17.17.1
private IP between router and ASA = 172.16.5.10
server IP = 192.168.5.10
fa0/1 -> router fa0/0 -> outside ASA inside -> server
router config
=============
int fa0/1
ip nat outside
int fa0/0
ip nat inside
ip nat inside source static 172.16.5.10 195.17.17.1
ASA config
==========
static (inside,outside) 172.16.5.10 192.168.5.10 netmask 255.255.255.255
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: