Cisco ASA 5505 - NAT Translations


  • Cisco ASA 5505 - NAT Translations

    Trying to set up multiple NAT translations between outside and inside IPs.

    Essentially, I want this:

    172.16.1.12 <> 10.10.10.10
    172.16.1.12 <> 10.10.10.11
    172.16.1.13 <> 10.10.10.10
    172.16.1.13 <> 10.10.10.11

    When I try to set it up in ASDM, and up in the second translation, it gives me a conflict error.

    Any suggestions?

  • #2
    Re: Cisco ASA 5505 - NAT Translations

    Well, you're overlapping, so no, you can't do that. You can use the same IP only if it's a PAT.

    For example:

    172.16.1.12:5555 <> 10.10.10.10:5555
    172.16.1.12:6666 <> 10.10.10.11:6666
    172.16.1.13:5555 <> 10.10.10.10:5555
    172.16.1.13:6666 <> 10.10.10.11:6666

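A simplified model of the overlap described in post #2, added here as an example (it is not part of the thread and not the ASA's own conflict logic): a lookup keyed on the address alone cannot return two targets, while a lookup keyed on address and port can. The function names, and the choice to check only the left-hand side of each mapping, are assumptions of this sketch.

```python
import ipaddress

# Constructed input: the two mapping lists from the thread, in its "a <> b" notation.
IP_ONLY = """
172.16.1.12 <> 10.10.10.10
172.16.1.12 <> 10.10.10.11
172.16.1.13 <> 10.10.10.10
172.16.1.13 <> 10.10.10.11
"""
WITH_PORTS = """
172.16.1.12:5555 <> 10.10.10.10:5555
172.16.1.12:6666 <> 10.10.10.11:6666
172.16.1.13:5555 <> 10.10.10.10:5555
172.16.1.13:6666 <> 10.10.10.11:6666
"""

def parse_endpoint(text):
    """Parse '1.2.3.4' or '1.2.3.4:80' into (IPv4Address, port or None)."""
    host, _, port = text.strip().partition(":")
    addr = ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    if not port:
        return addr, None  # no port: the rule covers every port on this address
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {text!r}")
    return addr, int(port)

def parse_mappings(block):
    """Turn lines of 'left <> right' into a list of (left, right) endpoint pairs."""
    rules = []
    for line in filter(str.strip, block.splitlines()):
        left, sep, right = line.partition("<>")
        if not sep:
            raise ValueError(f"missing '<>' in {line!r}")
        rules.append((parse_endpoint(left), parse_endpoint(right)))
    return rules

def conflicts(rules):
    """Pairs of rules whose left-hand side matches the same traffic but whose
    right-hand targets differ (assumed rule for this sketch: left side only)."""
    found = []
    for i, (l1, r1) in enumerate(rules):
        for l2, r2 in rules[i + 1:]:
            ports_overlap = None in (l1[1], l2[1]) or l1[1] == l2[1]
            if l1[0] == l2[0] and ports_overlap and r1 != r2:
                found.append((l1, r1, r2))
    return found

if __name__ == "__main__":
    for name, block in (("IP only", IP_ONLY), ("with ports", WITH_PORTS)):
        print(name, "->", len(conflicts(parse_mappings(block))), "conflict(s)")
```

A mapping without a port is treated as covering every port on that address, so it also collides with a port-specific mapping on the same IP.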


    • #3
      Re: Cisco ASA 5505 - NAT Translations

      moved.....
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Cisco ASA 5505 - NAT Translations

        Is it possible to set up a NAT translation that goes from two empty sets of IPs?

        For example, I want my ASA to be able to communicate from

        10.x.x.x <> 172.x.x.x

        Before, I was asking about having multiple NAT translations between outside and inside ports. I would like to just set up one large translation (if that makes sense).

        Thanks!!
        Last edited by cg207005; 19th January 2010, 19:34.



        • #5
          Re: Cisco ASA 5505 - NAT Translations

          Euhhh, do you mean dynamic NAT?
          http://www.cisco.com/en/US/products/...807fc191.shtml
          Marcel


          • #6
            Re: Cisco ASA 5505 - NAT Translations

            Thanks for the link...
            I think what I'm trying to ask is if it's possible to have two global pools translate to each other?


            Here is the situation... I want to be able to translate these four IPs

            (Inside)
            172.16.1.1X
            172.16.1.22X
            172.16.1.7X
            172.16.1.X

            and have each of these four IPs talk to these two IPs

            10.10.10.10
            10.10.10.11
            Last edited by cg207005; 19th January 2010, 21:50.



            • #7
              Re: Cisco ASA 5505 - NAT Translations

              I've merged the 2 threads together since they are (almost) identical from the same poster.
              Marcel


              • #8
                Re: Cisco ASA 5505 - NAT Translations

                Dumber is right, you're going to need some kind of policy NAT/dynamic NAT. There are very specific requirements for this, and you must know the source of the traffic by IP address and the destination on your network. This also does not support port ranges (even with service groups) AFAIK. If you have a handful of services that are limited to just a few ports, you can set up a few static NATs that will translate your outside to inside just fine. Let us know more about what you'd like to do. You've already told us you want to translate some IP addresses, but it's important to also understand the source(s) of that traffic, the traffic type (TCP/UDP/etc.) and the port numbers and whether they need to be forwarded.

                Regards,
                Scott
                Scott Pickles
                Systems Engineer
                VPN Systems, Inc.
                www. vpnsystems. com
                *******************
                CCNA - CCDA - BCMSN
