Hi,
How to handle the return traffic under NAT should be done by the router, not your config. Let me do some research and get back to you on the other questions.
Sean

----- Original Message -----
From: "Andrew Hodgson" <Andrew.Hodgson@allpay.net>
To: "blind-sysadmins" <blind-sysadmins@lists.hodgsonfamily.org>
Sent: Thursday, July 03, 2008 11:35 PM
Subject: Re: [Blind-sysadmins] Question for you Cisco ASA/router experts out there
Hi,
I have corrected the config statements:
access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25
Needs to be changed to:
access-list outside_access_in extended permit tcp any host xx.xx.xx.211 eq 25
Then have this:
static (inside,outside) xx.xx.xx.211 192.168.1.10 netmask 255.255.255.240
The nat statements should just be this:
global (outside) 1 interface
nat (inside) 1 0 0
The only thing I need to test is whether I need to have static statements to allow me to have NAT translations both ways - currently this is from the outside to inside, but I may need additional translations from the inside to the outside also.
Thanks.
Andrew.

-----Original Message-----
From: Sean Murphy [mailto:mhysnm1964@gmail.com]
Sent: 03 July 2008 12:55
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Question for you Cisco ASA/router experts out there
Andrew,
I assume the external /30 public subnet has been assigned from your ISP.
The other /30 Public Address you own? If this is the case, then you can ask the ISP to route the current internal /30 Public subnet to your External public address. This has to be done and could cost.
Configure the internal interface for the LAN as you want it.
The WAN (External) Interface should be configured for the current External Public IP Address. Cisco can have a secondary and third address. I need to verify this, but I don't think you would be required to configure this. You should have a static route which sends all traffic out your WAN port, so the correct route path is maintained.
Natting under Cisco isn't something I have done yet.
Sean
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins
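
The correction in this thread (pointing the outside ACL at the mapped public address instead of 192.168.1.10) can be checked mechanically on configs that use this `static`/`access-group` syntax. The sketch below is an added example, not code from the thread: the function name, the `access-group` line and the 203.0.113.x addresses are assumptions standing in for the masked xx.xx.xx range.

```python
import re

# Constructed sample (not from the thread): 203.0.113.x documentation addresses
# stand in for the public range the thread masks as xx.xx.xx.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25
access-list outside_access_in extended permit tcp any host 203.0.113.212 eq 443
static (inside,outside) 203.0.113.211 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.212 192.168.1.11 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
ACL_RE = re.compile(r"^(access-list (\S+) extended permit \S+ any host )(\S+)(.*)$")


def find_real_address_acls(config):
    """Return (original_line, corrected_line) pairs for inbound ACL entries
    whose destination is the real address of a static translation."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    mapped_for = {}  # (mapped interface, real address) -> mapped address
    bound_to = {}    # ACL name -> interface it is applied to inbound
    for ln in lines:
        if m := STATIC_RE.match(ln):
            _real_ifc, mapped_ifc, mapped, real = m.groups()
            mapped_for[(mapped_ifc, real)] = mapped
        elif m := GROUP_RE.match(ln):
            bound_to[m.group(1)] = m.group(2)
    findings = []
    for ln in lines:
        m = ACL_RE.match(ln)
        if not m:
            continue
        prefix, name, host, rest = m.groups()
        mapped = mapped_for.get((bound_to.get(name), host))
        if mapped:  # rule names the inside address, as in the uncorrected ACL above
            findings.append((ln, prefix + mapped + rest))
    return findings


if __name__ == "__main__":
    for bad, fixed in find_real_address_acls(SAMPLE_CONFIG):
        print("rule uses real address:", bad)
        print("  mapped-address form: ", fixed)
```

Addresses are compared as plain strings, so the check also works on configs where the public octets have been masked before sharing.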