[c-nsp] NAT and PAT on ASA
Ryan West
rwest at zyedge.com
Wed Jul 22 03:52:21 EDT 2009
Tony,
I agree that I chose the wrong wording here. It should have read, the ACL you're concerned with is inbound on the outside interface. Otherwise, the configlet is fine.
I find the netmask option to be irrelevant, unless you're falling on obvious bit boundaries within the same class or doing NAT shifting. I guess I'm a creature of habit and go with the path of least keystrokes. When you're creating isakmp keys, do you type:
tunnel-group 169.254.50.50 type ipsec-l2l
tunnel-group 169.254.50.50 ipsec-attributes
pre-shared-key BestPractices
or
isakmp key BestPractices address 169.254.50.50
They both produce the same results. I guess the BU gave up on calling it a deprecated command; it hasn't seemed to complain since 7.2.
-ryan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
Sent: Tuesday, July 21, 2009 10:42 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] NAT and PAT on ASA
Ryan,
I would recommend completing your static with the appropriate netmask.
Also, ACLs can be applied in and out on an interface on ASA and PIX since
7.0.
tv
----- Original Message -----
From: "Ryan West" <rwest at zyedge.com>
To: "Oddiraju, Kiran @ London SMC" <Kiran.Oddiraju at cbre.com>;
<cisco-nsp at puck.nether.net>
Sent: Tuesday, July 21, 2009 1:48 PM
Subject: Re: [c-nsp] NAT and PAT on ASA
> static (inside,outside) 58.66.76.88 192.168.0.100
> show run access-group
> take note of the acl to the outside interface, ACLs on the ASA are
> inbound.
> access-list <myaccesslist> ext permit icmp any host 58.66.76.88 echo
> access-list <myaccesslist> ext permit tcp any host 58.66.76.88 eq www
>
> -ryan
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oddiraju, Kiran @
> London SMC
> Sent: Tuesday, July 21, 2009 2:09 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] NAT and PAT on ASA
>
> Guys,
>
> I am new to the ASA world. I have a bunch of external IPs from the ISP
> and I have an inside host that I want to access externally. How do I
> translate an inside ip (192.168.0.100) to an outside address
> (58.66.76.88) on the ASA? I should be able to ping and www from outside
> world to my inside host. Please let me know how to accomplish this.
>
> Many thanks,
>
> K
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
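
An added example, not written by any poster in this thread: a small Python audit that reads pre-8.3 ASA config lines of the kind shown above and reports, for each static translation, which services the ACL bound inbound on the mapped interface exposes. The ACL names OUTSIDE_IN and UNUSED and the 3389 entry are constructed sample data, and only `permit ... any host <ip>` entries are parsed.

```python
import re

# Constructed sample config (pre-8.3 syntax); ACL names are assumptions.
SAMPLE = """\
static (inside,outside) 58.66.76.88 192.168.0.100 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit icmp any host 58.66.76.88 echo
access-list OUTSIDE_IN extended permit tcp any host 58.66.76.88 eq www
access-list UNUSED extended permit tcp any host 58.66.76.88 eq 3389
access-group OUTSIDE_IN in interface outside
"""

STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+)(?: netmask (\S+))?")
ACE = re.compile(r"^access-list (\S+) ext(?:ended)? permit (\S+) any host (\S+)(?: (.+))?$")
GROUP = re.compile(r"^access-group (\S+) (in|out) interface (\S+)")

def audit(config):
    """Return one report dict per static (real_if,mapped_if) translation."""
    statics, aces, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACE.match(line):
            aces.append(m.groups())
        elif m := GROUP.match(line):
            bound[(m[3], m[2])] = m[1]  # (interface, direction) -> ACL name
    report = []
    for _real_if, mapped_if, mapped, real, mask in statics:
        acl = bound.get((mapped_if, "in"))  # ACL filtering traffic arriving on the mapped side
        report.append({
            "mapped": mapped,
            "real": real,
            "netmask": mask,  # None when the static omits the netmask keyword
            "inbound_acl": acl,
            # Services actually reachable: entries in the bound ACL that name the mapped IP.
            "exposed": [f"{p} {svc or 'any'}" for n, p, dst, svc in aces
                        if n == acl and dst == mapped],
            # ACLs that mention the mapped IP but are not bound inbound there.
            "unbound_acls": sorted({n for n, _, dst, _ in aces
                                    if dst == mapped and n != acl}),
        })
    return report

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```

An empty `exposed` list with a non-empty `unbound_acls` list means the permits exist but no `access-group` applies them inbound on that interface.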