Skip to main content

Configuring NAT on asa 5505

More
17 years 8 months ago #20978 by alpine
I am having a difficult time understanding how to do this. Here is a idea of my network

private
netvanta
11.11.0.0. 200.214.0.1

Currently my netvanta IOS firewall does the natting I want to disable the netvanta ios firewall for the ASA5505. How do I setup natting on the asa to replace the netvanta IOS fw. I have created a global route 0.0.0.0 192.168.0.1, this points to the e0/0 port on the netvanta. Would i add a static or dynamic rule? on ADSM I am thinking of trying this

Dynamic
interface inside
ip address 192.168.0.2 e0/0 in the asa 5505
mask 255.255.255.0

Dynamic translation interface inside
add global pool--range 11.11.0.0-11.11.255.255

would this work?

thanks
More
17 years 8 months ago #20979 by Smurf
Hi there,

Static mappings are usually for allowing traffic in. You can define an external IP Address and Map it to an Internal IP Address for hosting services to the Internet. It does however work in the other way aswell, since the translation is in place it will work for both directions.

To do a NAT from inside to out you need to first define your global pool (or address/interface) and then assing a NAT.

This is done as follows;

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

The number 1 is used to "glue" if you like these two commands together. The Nat is saying MAP every possible internal address. The global is saying, translat these internal addresses to the addres on the outside interface (Will actually setup PAT but usually you only have a single IP Address). If you have a pool of addresses you can say,

global (outside) 1 10.10.10.100-10.10.10.150 netmask 255.255.255.0

This will basically configure 1 to 1 NAT translations for the first 50 devices 100-149 and then once the next ones come along, it will start to us PAT (NAT Overload some routers refer to it as).

Cheers

Wayne

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.118 seconds