Asked by sasapix
at 2024-07-17 03:56:08
Point: 500 Replies: 10 POST_ID: 829006 USER_ID: 11904
Topic:
Cisco PIX Firewall;Miscellaneous Networking;Networking Protocols
Hello,
I have a Cisco ASA5505 with ASA Version 8.2. I would like a machine (a PC on the inside LAN) to appear on the Internet with a specific public IP address (I have a class of 8 public IP addresses available). How should I configure the NAT rule?
Thanks.
Author: sasapix replied at 2024-07-24 02:20:40
My need is that this server is reachable from the outside, again through the public IP on which there is already a NAT server, but it should appear on the Internet with a different public IP.
Thanks.
Expert: Jordan Medlen replied at 2024-07-18 08:35:52
It can be done via static PAT, just not static NAT.
Author: sasapix replied at 2024-07-18 01:28:49
I am very surprised that this rule cannot be done with a Cisco device. I do it with another Linux-based firewall with fwbuilder and it is a simple thing; the attached file shows this rule made with fwbuilder.
Expert: Jordan Medlen replied at 2024-07-17 08:06:30
Actually, doing some quick research, what you want to do is not possible. The only way to have two static statements for the same real IP address (192.168.1.246) with the same interface mapping (inside,outside) is to do static PAT. This does make sense.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_staticpat.html#wpxref54039
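The rule quoted in the reply above (several static statements for one real IP on the same interface pair are accepted only when they are static PAT) can be checked against a saved ASA 8.2 configuration before a change window. This Python script is an added example, not part of the original thread or Cisco's tooling; the function names and the sample configuration are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in ASA 8.2 syntax. Mapped addresses are placeholders from
# the 192.0.2.0/24 documentation range, not the poster's configuration.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 192.0.2.10 80 192.168.1.246 80 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.10 443 192.168.1.246 443 netmask 255.255.255.255
static (inside,outside) 192.0.2.11 192.168.1.246 netmask 255.255.255.255
static (inside,outside) 192.0.2.12 192.168.1.200 netmask 255.255.255.255
static (inside,dmz) 10.0.0.246 192.168.1.246 netmask 255.255.255.255
"""


def parse_static(line):
    """Return (interface_pair, real_ip, kind) for an 8.2 static line, else None."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "static" or "access-list" in tok:
        return None  # not a static line, or a policy static (out of scope here)
    pair = tok[1].strip("()")
    if tok[2] in ("tcp", "udp"):
        # Static PAT: static (real,mapped) proto mapped_ip mapped_port real_ip real_port
        return (pair, tok[5], "pat") if len(tok) >= 7 else None
    # Static NAT: static (real,mapped) mapped_ip real_ip [netmask mask]
    return pair, tok[3], "nat"


def find_static_conflicts(config_text):
    """Map (interface_pair, real_ip) to its static lines when the rule is broken."""
    groups = defaultdict(list)
    for raw in config_text.splitlines():
        parsed = parse_static(raw.strip())
        if parsed:
            pair, real_ip, kind = parsed
            groups[(pair, real_ip)].append((kind, raw.strip()))
    # Several statics for one real IP on one interface pair are acceptable
    # only if every one of them is static PAT.
    return {
        key: [line for _, line in entries]
        for key, entries in groups.items()
        if len(entries) > 1 and any(kind == "nat" for kind, _ in entries)
    }


if __name__ == "__main__":
    for (pair, real_ip), lines in find_static_conflicts(SAMPLE_CONFIG).items():
        print(f"{real_ip} on ({pair}): static NAT mixed with other statics")
        for line in lines:
            print("   ", line)
```

On the constructed sample only 192.168.1.246 on (inside,outside) is reported; the same host's single static toward dmz and the single static for 192.168.1.200 pass.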
Expert: Jordan Medlen replied at 2024-07-17 08:03:32
Looks like everything you are currently doing is based on a TCP or UDP port for inbound traffic. You could try adding the general NAT in to make the traffic from this server going outbound appear on the different IP address. I have never done this, so I am unsure if it will really work, however it would seem to me that it might. You can try using the statement I provided above to accomplish this; however, not knowing what effect it might have on the current NAT, you may want to do this inside of a maintenance window, or at a time when users are least likely to hit this service from the outside.
Author: sasapix replied at 2024-07-17 07:57:00
Configuration file attached.
I wish the machine with IP 192.168.1.246 to go on the Internet with a public IP address different from the one with which it currently presents itself on the Internet.
I replaced my public IPs with 2.2.2.
Thanks.
Expert: Jordan Medlen replied at 2024-07-17 07:30:03
Can you post your configuration here? You can change IP addresses so that your information isn't public, however it may help in assisting you better.
Author: sasapix replied at 2024-07-17 07:26:10
The rule that you have shown me, is that just for traffic going out?
I ask this because I need only output and not input, because there is already a NAT rule (private IP --> public IP) on a different public IP, and this rule should remain.
Thanks.
Expert: duncanb7 replied at 2024-07-17 06:05:34
Did you read this article from Cisco on configuring NAT?
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/cfgnat.html#wp1043599
Duncan
Expert: Jordan Medlen replied at 2024-07-17 05:54:07
You would configure a rule as follows...
static (inside,outside) 4.2.2.2 192.168.1.200 netmask 255.255.255.255
To break down this statement, you're creating a static mapping from real interface to the mapped interface. Next you are specifying the external IP address, the one you want this traffic to be seen as to the rest of the world. Then, mapping that to the internal host IP address. Finally, just a netmask of 255.255.255.255 as it's a host.
Don't forget, in case you haven't already done so, configure NAT for all other addresses on the inside of the ASA...
nat (inside) 1 0.0.0.0 0.0.0.0
If you were to update the OS on your ASA to something 8.4 or later, the NAT configuration changes to the following...
object network obj-192.168.1.200
 host 192.168.1.200
 nat (inside,outside) static 4.2.2.2
Hope this makes sense to you.