Nextelco:ASA nat
From its-wiki.no
ASA NAT
In this section we will set up NAT in order to translate all IP headers of the packets going from inside to outside interfaces. At the same time the ASA will translate the packets coming back from the outside interface. We assume that ASA has already VLANs, IPs, interfaces, and ICMP traffic inspection configured from previous step.
- The first step is to configure an access-list which will identify all IP traffic going from inside 192.168.2.0/24 network to outside 10.10.10.0/24 network.
- After configuring the access-list it is necessary to create a nat rule for the inside interface, which will be the one that will be translated.
- And finally, a global rule has to be created for the outside interface in order to activate PAT and be able to translate all inside to outside communications using different port numbers.
ASA2(config)#access-list inside_nat_outside extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
ASA2(config)#nat (inside) 1 access-list inside_nat_outside
ASA2(config)#global (outside) 1 interface INFO: outside interface address added to PAT pool
Return to Phase 1 page.