- Posts: 9
- Thank you received: 0
Configuring NAT on asa 5505
17 years 8 months ago #20978
by alpine
Configuring NAT on asa 5505 was created by alpine
I am having a difficult time understanding how to do this. Here is a idea of my network
private
netvanta
11.11.0.0. 200.214.0.1
Currently my netvanta IOS firewall does the natting I want to disable the netvanta ios firewall for the ASA5505. How do I setup natting on the asa to replace the netvanta IOS fw. I have created a global route 0.0.0.0 192.168.0.1, this points to the e0/0 port on the netvanta. Would i add a static or dynamic rule? on ADSM I am thinking of trying this
Dynamic
interface inside
ip address 192.168.0.2 e0/0 in the asa 5505
mask 255.255.255.0
Dynamic translation interface inside
add global pool--range 11.11.0.0-11.11.255.255
would this work?
thanks
private
netvanta
11.11.0.0. 200.214.0.1
Currently my netvanta IOS firewall does the natting I want to disable the netvanta ios firewall for the ASA5505. How do I setup natting on the asa to replace the netvanta IOS fw. I have created a global route 0.0.0.0 192.168.0.1, this points to the e0/0 port on the netvanta. Would i add a static or dynamic rule? on ADSM I am thinking of trying this
Dynamic
interface inside
ip address 192.168.0.2 e0/0 in the asa 5505
mask 255.255.255.0
Dynamic translation interface inside
add global pool--range 11.11.0.0-11.11.255.255
would this work?
thanks
17 years 8 months ago #20979
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Configuring NAT on asa 5505
Hi there,
Static mappings are usually for allowing traffic in. You can define an external IP Address and Map it to an Internal IP Address for hosting services to the Internet. It does however work in the other way aswell, since the translation is in place it will work for both directions.
To do a NAT from inside to out you need to first define your global pool (or address/interface) and then assing a NAT.
This is done as follows;
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
The number 1 is used to "glue" if you like these two commands together. The Nat is saying MAP every possible internal address. The global is saying, translat these internal addresses to the addres on the outside interface (Will actually setup PAT but usually you only have a single IP Address). If you have a pool of addresses you can say,
global (outside) 1 10.10.10.100-10.10.10.150 netmask 255.255.255.0
This will basically configure 1 to 1 NAT translations for the first 50 devices 100-149 and then once the next ones come along, it will start to us PAT (NAT Overload some routers refer to it as).
Cheers
Wayne
Static mappings are usually for allowing traffic in. You can define an external IP Address and Map it to an Internal IP Address for hosting services to the Internet. It does however work in the other way aswell, since the translation is in place it will work for both directions.
To do a NAT from inside to out you need to first define your global pool (or address/interface) and then assing a NAT.
This is done as follows;
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
The number 1 is used to "glue" if you like these two commands together. The Nat is saying MAP every possible internal address. The global is saying, translat these internal addresses to the addres on the outside interface (Will actually setup PAT but usually you only have a single IP Address). If you have a pool of addresses you can say,
global (outside) 1 10.10.10.100-10.10.10.150 netmask 255.255.255.0
This will basically configure 1 to 1 NAT translations for the first 50 devices 100-149 and then once the next ones come along, it will start to us PAT (NAT Overload some routers refer to it as).
Cheers
Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.118 seconds