Hi,
I have corrected the config statements:
access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25
Needs to be changed to:
access-list outside_access_in extended permit tcp any host xx.xx.xx.211 eq 25
Then have this:
static (inside,outside) xx.xx.xx.211 192.168.1.10 netmask 255.255.255.240
The nat statements should just be this:
global (outside) 1 interface
nat (inside) 1 0 0
The only thing I need to test is whether I need to have static statements to allow me to have NAT translations both ways - currently this is from the outside to inside, but I may need additional translations from the inside to the outside also.
Thanks. Andrew.
-----Original Message-----
From: Sean Murphy [mailto:mhysnm1964@gmail.com]
Sent: 03 July 2008 12:55
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Question for you Cisco ASA/router experts outthere
Andrew,
I assume the external /30 public subnet has been assigned from your ISP.
The other /30 Public Address you own? If this is the case, then you can ask the ISP to route the current internal /30 Public subnet to your External public address. This has to be done and could cost.
Configure the internal interface for the LAN as you want it.
The WAN (External) Interface should be configured for the current External Public IP Address. Cisco can have a secondary and third address. I need to verify this, but I don't think you would be required to configure this.
You should have a static route which sends all traffic out your WAN port. So the correct route path is maintained.
Natting under Cisco isn't something I have done yet.
Sean

Hi,
Another thing I realised after posting this was that in the NAT statements, all bits must be set in the subnet mask as we are addressing a single host. I will let you know how it goes after I do the work - won't be for a while though.
Thanks. Andrew.
-----Original Message-----
From: Sean Murphy [mailto:mhysnm1964@gmail.com]
Sent: 04 July 2008 04:10
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Question for you Cisco ASA/router expertsoutthere
Andrew,
It sounds like you have enough knowledge of Cisco commands without me giving you the actual steps. So I shall provide you with general terms:
DNAT (Destination Network Address Translation)
External interface destination address plus port going to Internal interface address plus internal port.
The server receiving the Natted traffic shall still have the source address of the sender. The default route should handle the return traffic and the router should perform the reverse NAT.
What you posted looks fine to me and I do not think you require a reverse NAT rule.
Sean
----- Original Message -----
From: "Andrew Hodgson" <Andrew.Hodgson@allpay.net>
To: "blind-sysadmins" <blind-sysadmins@lists.hodgsonfamily.org>
Sent: Thursday, July 03, 2008 11:35 PM
Subject: Re: [Blind-sysadmins] Question for you Cisco ASA/router expertsoutthere
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins
-- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@allpay.net
This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above.
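
Added example, not part of the thread or any poster's own code: a small Python check for the two corrections discussed above, an outside ACL that permits the real (inside) address instead of the mapped one, and a single-host static with a network mask. It assumes the pre-8.3 ASA syntax used in the thread and that the ACL is applied inbound on the outside interface; the `audit` function and the address 203.0.113.211 (standing in for the masked xx.xx.xx.211) are constructed for illustration.

```python
import ipaddress
import re

# Pre-8.3 ASA syntax, as used in the thread (assumption: software older than 8.3).
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask (\S+)")
ACL_HOST_RE = re.compile(r"^access-list (\S+) extended permit \S+ \S+ host (\S+)")

def audit(config: str) -> list[str]:
    """Flag the two mistakes corrected in the thread."""
    findings, real_to_mapped = [], {}
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    for ln in lines:
        m = STATIC_RE.match(ln)
        if not m:
            continue
        mapped, real, mask = m.groups()
        real_to_mapped[real] = mapped
        net = ipaddress.ip_network(f"{real}/{mask}", strict=False)
        # A host address paired with a network mask: the mask should be all ones.
        if net.prefixlen < 32 and ipaddress.ip_address(real) != net.network_address:
            findings.append(f"static for host {real}: netmask {mask} "
                            "should be 255.255.255.255")
    for ln in lines:
        m = ACL_HOST_RE.match(ln)
        # Assumes the ACL is bound inbound on the outside interface, where
        # pre-8.3 software matches the mapped (public) address.
        if m and m.group(2) in real_to_mapped:
            real = m.group(2)
            findings.append(f"access-list {m.group(1)}: permits real address {real}, "
                            f"expected mapped address {real_to_mapped[real]}")
    return findings

# Constructed samples; 203.0.113.211 stands in for the masked xx.xx.xx.211.
BEFORE = """
access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25
static (inside,outside) 203.0.113.211 192.168.1.10 netmask 255.255.255.240
global (outside) 1 interface
nat (inside) 1 0 0
"""
AFTER = """
access-list outside_access_in extended permit tcp any host 203.0.113.211 eq 25
static (inside,outside) 203.0.113.211 192.168.1.10 netmask 255.255.255.255
global (outside) 1 interface
nat (inside) 1 0 0
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```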