NAT confusion regarding cisco ASA5510

Posted by LonelyLonelyNetworkN00b on Server Fault See other posts from Server Fault or by LonelyLonelyNetworkN00b
Published on 2011-11-16T09:48:17Z Indexed on 2011/11/16 9:59 UTC
Read the original article Hit count: 312

Filed under:

nat

|

cisco-asa

|

pat

I'm setting up my first cisco firewalls. A little information first:I have two asa5510 setup in a working active/standby pair.

From my ISP i have two public subnets. A /29 and a /26. On my DMZ interface i have the /26 configured. On my WAN Interface i have configured the /29 IPs. My isp routes the /26 via the /29 primary IP.

I'm running ASA 8.2.

I've turned NAT-Control off, because i don't want to use nat for for other than some internal interfaces. In essence i don't want to use NAT unless i specify it.

I have a internal interface with the network of 192.168.100.0/24. I've tried setting up nat limke this:

nat (inside) 1 192.168.100.0 255.255.255.0 
global (WAN) 1 interface

I was under the impression that this would let connections that was going from 192.168.100.0/24 and out the WAN interface to be Port-Address-translated. I'm not getting this to work for some reason.

Inside interface has security level of 100, and wan has security level of 0.

© Server Fault or respective owner

Related posts about nat

Cisco 881 losing NAT NVI translation config after reload

as seen on Server Fault - Search for 'Server Fault'
This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More
asterisk/freeswitch in nat/no-nat setup

as seen on Server Fault - Search for 'Server Fault'
hi, my current setup - i use bunch of sip hard-phones around few offices. all devices have two sip accounts configured - one on internal sip proxy [for calls between the branches], another - at 3rd party voip providers [ since it's in different countries - those are different providers, but that's… >>> More
Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More

Related posts about cisco-asa

Cisco ASA bonding/teaming/port-channel capabilities

as seen on Server Fault - Search for 'Server Fault'
Hello, This seemed to me like a really simple question that I would be able to answer by myself but I have not been able to find any info on this subject. I have a Cisco ASA 5510 which has 4 FastEthernet interfaces. I was wondering if it would be possible to use 2 or 3 of these interfaces as a port-channel… >>> More
Plugging the Cisco ASA Security Hole

as seen on Internet.com - Search for 'Internet.com'
Cisco dominates the networking hardware market, and with its Adaptive Security Appliance it is extending its reach into network security. The ASA, however, can introduce a security issue. Learn how to resolve it so you can get the most out of this powerful tool. >>> More
Enable Cisco ASA as an SSH Tunneling

as seen on Server Fault - Search for 'Server Fault'
I am trying to utilize my Cisco ASA as a SSH Tunnel. I've configured this before when using a Linux server as the SSH target, however I cannot seem to get it to work with the ASA. I have configured and enabled SSH on the Cisco ASA, as well as a username that I can SSH to the console, however the SSH… >>> More
QoS basics on a Cisco ASA

as seen on Server Fault - Search for 'Server Fault'
Could someone briefly explain how to use QoS on Cisco ASA 5505? I have the basics of policing down, but what about shaping and priorities? Basically what I'm trying to do is carve out some bandwidth for my VPN subnets (in an object-group called priority-traffic). I've seen this Cisco QoS document… >>> More
Configuring Cisco ASA 5510 to assign static IP address based on MAC address

as seen on Server Fault - Search for 'Server Fault'
Hi, We have a CISCO ASA 5510 at work. We want to configure the same such that it can serve specific IP addresses based on the MAC address of the clients. Any help would be greatly appreciated. Thanks in advance -knd >>> More