Difference between revisions of "Nextelco:ASA nat"
From its-wiki.no
| Line 6: | Line 6: | ||
<li>The first step is to configure an ''access-list'' which will identify all IP traffic going from inside 192.168.2.0/24 network to outside 10.10.10.0/24 network.</li> | <li>The first step is to configure an ''access-list'' which will identify all IP traffic going from inside 192.168.2.0/24 network to outside 10.10.10.0/24 network.</li> | ||
ASA2(config)#access-list inside_nat_outside extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0 | ASA2(config)#access-list inside_nat_outside extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0 | ||
| − | <li>After configuring the access-list</li> | + | <li>After configuring the access-list it is necessary to create a nat rule for the inside interface, which will be the one that will be translated.</li> |
| + | ASA2(config)#nat (inside) 1 access-list inside_nat_outside | ||
| + | <li>And finally, a global rule has to be created for the outside interface in order to activate PAT and be able to translate all inside to outside communications using different port numbers.</li> | ||
| + | ASA2(config)#global (outside) 1 interface | ||
| + | INFO: outside interface address added to PAT pool | ||
</ol> | </ol> | ||
Revision as of 12:52, 29 May 2014
ASA NAT
In this section we will set up NAT in order to translate all IP headers of the packets going from inside to outside interfaces. At the same time the ASA will translate the packets coming back from the outside interface. We assume that ASA has already VLANs, IPs, interfaces, and ICMP traffic inspection configured from previous step.
- The first step is to configure an access-list which will identify all IP traffic going from inside 192.168.2.0/24 network to outside 10.10.10.0/24 network.
- After configuring the access-list it is necessary to create a nat rule for the inside interface, which will be the one that will be translated.
- And finally, a global rule has to be created for the outside interface in order to activate PAT and be able to translate all inside to outside communications using different port numbers.
ASA2(config)#access-list inside_nat_outside extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
ASA2(config)#nat (inside) 1 access-list inside_nat_outside
ASA2(config)#global (outside) 1 interface INFO: outside interface address added to PAT pool
Return to Phase 1 page.
