I am having a difficult time understanding how to do this. Here is a idea of my network
Currently my netvanta IOS firewall does the natting I want to disable the netvanta ios firewall for the ASA5505. How do I setup natting on the asa to replace the netvanta IOS fw. I have created a global route 0.0.0.0 192.168.0.1, this points to the e0/0 port on the netvanta. Would i add a static or dynamic rule? on ADSM I am thinking of trying this
ip address 192.168.0.2 e0/0 in the asa 5505
Dynamic translation interface inside
add global pool--range 18.104.22.168-22.214.171.124
would this work?
Re: Configuring NAT on asa 5505
11 years 8 months ago #20979
Static mappings are usually for allowing traffic in. You can define an external IP Address and Map it to an Internal IP Address for hosting services to the Internet. It does however work in the other way aswell, since the translation is in place it will work for both directions.
To do a NAT from inside to out you need to first define your global pool (or address/interface) and then assing a NAT.
This is done as follows;
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
The number 1 is used to "glue" if you like these two commands together. The Nat is saying MAP every possible internal address. The global is saying, translat these internal addresses to the addres on the outside interface (Will actually setup PAT but usually you only have a single IP Address). If you have a pool of addresses you can say,
global (outside) 1 10.10.10.100-10.10.10.150 netmask 255.255.255.0
This will basically configure 1 to 1 NAT translations for the first 50 devices 100-149 and then once the next ones come along, it will start to us PAT (NAT Overload some routers refer to it as).