Static NAT (Double NAT)

pradeepadias
Level 1

Hi All,

I have to create a static NAT for a specific requirement.

Public IP to private IP in the LAN. Setup as follows:

Internet (Public IP) -> Router -> ASA firewall -> Server

* I use a private IP range between the router internal interface and the ASA firewall outside interface. Could you please help on this?

Thanks.

Pradeepa

3 Replies

ohassairi
Level 5

If I understand your requirement, you will let only the router do the NAT?

It is recommended that the ASA does the NAT.

You can divide your public range using subnetting: you need 2 IPs for the subnet on the external interface of your router and the remaining for the internal one. So the ASA will have one public IP and can do the NAT.

Hi,

Thank you for the reply, but the scenario is a bit different. Let me try to explain it further.

My setup is like this:

Public IP --> router --> Firewall --> server on the LAN

What is required is:

1. The router internal interface and the firewall external (outside) interface have a private IP range.

2. I am NATing a public IP which is in the same range as my router external interface IP.

3. At the router, the public IP will be NATed to an IP address within the range of the router internal interface and the ASA outside interface.

4. At the ASA, this IP will be NATed again to the LAN IP (server).

Hope this is much clearer. I'm OK with static NAT, but got stuck with this.

Again thank you for your time :)

Cheers,

Pradeepa

Pradeepa

public IP = 195.17.17.1

private IP between router and ASA = 172.16.5.10

server IP = 192.168.5.10

fa0/1 -> router fa0/0 -> outside ASA inside -> server

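router config
=============
! fa0/1 faces the Internet (NAT outside)
int fa0/1
 ip nat outside
! fa0/0 faces the ASA outside interface (NAT inside)
int fa0/0
 ip nat inside
! inside local 172.16.5.10 <-> inside global 195.17.17.1
ip nat inside source static 172.16.5.10 195.17.17.1

ASA config
==========
! mapped 172.16.5.10 <-> real server 192.168.5.10
static (inside,outside) 172.16.5.10 192.168.5.10 netmask 255.255.255.255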

Jon
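
A double NAT only works if the address the router translates to is exactly the mapped address on the ASA. The following is an added example, not part of the reply above: a small Python check that parses the two static NAT lines from that reply (embedded here as constructed sample input) and traces an inbound destination through both hops. The function names are hypothetical, and the ASA pattern assumes the pre-8.3 `static` syntax used in the reply.

```python
import ipaddress
import re

# Constructed sample input: the two static NAT lines from the reply above.
ROUTER_CFG = "ip nat inside source static 172.16.5.10 195.17.17.1"
ASA_CFG = "static (inside,outside) 172.16.5.10 192.168.5.10 netmask 255.255.255.255"

IOS_STATIC = re.compile(r"^\s*ip nat inside source static (\S+) (\S+)\s*$", re.M)
ASA_STATIC = re.compile(
    r"^\s*static \(inside,outside\) (\S+) (\S+) netmask 255\.255\.255\.255\s*$", re.M)


def router_inbound_map(cfg):
    """IOS order is <inside-local> <inside-global>; inbound maps global -> local."""
    return {ipaddress.ip_address(g): ipaddress.ip_address(l)
            for l, g in IOS_STATIC.findall(cfg)}


def asa_inbound_map(cfg):
    """Pre-8.3 ASA order is <mapped> <real>; inbound maps mapped -> real."""
    return {ipaddress.ip_address(m): ipaddress.ip_address(r)
            for m, r in ASA_STATIC.findall(cfg)}


def trace_inbound(dst, router_cfg, asa_cfg):
    """Return the destination seen at each hop; raise if the NAT chain breaks."""
    hops = [ipaddress.ip_address(dst)]
    for name, table in (("router", router_inbound_map(router_cfg)),
                        ("ASA", asa_inbound_map(asa_cfg))):
        if hops[-1] not in table:
            raise LookupError(f"{name} has no static NAT entry for {hops[-1]}")
        hops.append(table[hops[-1]])
    return [str(h) for h in hops]


if __name__ == "__main__":
    print(" -> ".join(trace_inbound("195.17.17.1", ROUTER_CFG, ASA_CFG)))
```

A `LookupError` naming the ASA means the router hands traffic to an intermediate address the firewall does not translate, so the packet never reaches the server.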
