
TOPIC: Configuring NAT on asa 5505

Configuring NAT on asa 5505 9 years 7 months ago #20978

  • alpine
I am having a difficult time understanding how to do this. Here is an idea of my network:

private
netvanta
11.11.0.0. 200.214.0.1

Currently my netvanta IOS firewall does the natting. I want to disable the netvanta IOS firewall for the ASA5505. How do I set up natting on the ASA to replace the netvanta IOS fw? I have created a global route 0.0.0.0 192.168.0.1; this points to the e0/0 port on the netvanta. Would I add a static or dynamic rule? On ASDM I am thinking of trying this:

Dynamic
interface inside
ip address 192.168.0.2 e0/0 in the asa 5505
mask 255.255.255.0

Dynamic translation interface inside
add global pool--range 11.11.0.0-11.11.255.255

would this work?

thanks

Re: Configuring NAT on asa 5505 9 years 7 months ago #20979

  • Smurf
Hi there,

Static mappings are usually for allowing traffic in. You can define an external IP address and map it to an internal IP address for hosting services to the Internet. It does however work in the other way as well; since the translation is in place it will work for both directions.

To do a NAT from inside to out you need to first define your global pool (or address/interface) and then assign a NAT.

This is done as follows:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

The number 1 is used to "glue", if you like, these two commands together. The nat is saying: map every possible internal address. The global is saying: translate these internal addresses to the address on the outside interface (this will actually set up PAT, but usually you only have a single IP address). If you have a pool of addresses you can say:

global (outside) 1 10.10.10.100-10.10.10.150 netmask 255.255.255.0

This will basically configure 1 to 1 NAT translations for the first 50 devices 100-149 and then once the next ones come along, it will start to use PAT (NAT Overload, as some routers refer to it).

Cheers

Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
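
A config check built on the NAT ID pairing described in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it parses pre-8.3 global/nat lines and reports IDs where one statement exists without the other. The sample config, the dmz interface and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, pre-8.3 ASA syntax as used in this thread.
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 2 10.10.10.100-10.10.10.150 netmask 255.255.255.0
nat (dmz) 3 192.168.50.0 255.255.255.0
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")


def parse(config):
    """Group global and nat statements by their NAT ID."""
    globals_, nats = defaultdict(list), defaultdict(list)
    for raw in config.splitlines():
        line = raw.strip()
        if m := GLOBAL_RE.match(line):
            globals_[int(m[2])].append((m[1], m[3]))
        elif m := NAT_RE.match(line):
            nats[int(m[2])].append((m[1], m[3], m[4]))
    return globals_, nats


def audit(config):
    """Return (paired, findings) for every NAT ID in the config."""
    globals_, nats = parse(config)
    paired, findings = {}, []
    for nat_id in sorted(set(globals_) | set(nats)):
        if nat_id == 0:
            continue  # nat 0 means "do not translate"; it takes no global
        if nat_id not in globals_:
            findings.append((nat_id, "nat has no matching global"))
        elif nat_id not in nats:
            findings.append((nat_id, "global has no matching nat"))
        else:
            paired[nat_id] = {"sources": nats[nat_id], "targets": globals_[nat_id]}
    return paired, findings


if __name__ == "__main__":
    paired, findings = audit(SAMPLE_CONFIG)
    for nat_id, rule in paired.items():
        print(f"ID {nat_id}: {rule['sources']} -> {rule['targets']}")
    for nat_id, problem in findings:
        print(f"ID {nat_id}: {problem}")
```
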