[c-nsp] NAT and PAT on ASA
Oddiraju, Kiran @ London SMC
Kiran.Oddiraju at cbre.com
Wed Jul 22 07:24:30 EDT 2009
Hi Ryan,
I have the below config in the protocol inspection rules, do you think
this is enough?
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
Many thanks,
Kiran
-----Original Message-----
From: Ryan West [mailto:rwest at zyedge.com]
Sent: 22 July 2009 09:47
To: Oddiraju, Kiran @ London SMC
Cc: cisco-nsp at puck.nether.net
Subject: RE: NAT and PAT on ASA
Kiran,
That's right. If you run into issues trying to pass SIP through your
firewall, you may need to look at the default service policy. There are
some protocol inspection rules enabled by default that might affect the
passing of SIP traffic.
-ryan
-----Original Message-----
From: Oddiraju, Kiran @ London SMC [mailto:Kiran.Oddiraju at cbre.com]
Sent: Wednesday, July 22, 2009 4:38 AM
To: Ryan West
Cc: cisco-nsp at puck.nether.net
Subject: RE: NAT and PAT on ASA
Hey Ryan,
That seems to be working, thanks. So if I want to allow more ports, we do
it the same way, right?
access-list myaccesslist ext permit tcp any host 58.66.76.88 eq SIP
access-list myaccesslist ext permit udp any host 58.66.76.88 eq SIP
Thanks,
Kiran
-----Original Message-----
From: Ryan West [mailto:rwest at zyedge.com]
Sent: 21 July 2009 19:48
To: Oddiraju, Kiran @ London SMC; cisco-nsp at puck.nether.net
Subject: RE: NAT and PAT on ASA
static (inside,outside) 58.66.76.88 192.168.0.100
show run access-group
Take note of the ACL to the outside interface; ACLs on the ASA are
inbound.
access-list <myaccesslist> ext permit icmp any host 58.66.76.88 echo
access-list <myaccesslist> ext permit tcp any host 58.66.76.88 eq www
-ryan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oddiraju, Kiran
@ London SMC
Sent: Tuesday, July 21, 2009 2:09 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] NAT and PAT on ASA
Guys,
I am new to the ASA world. I have a bunch of external IPs from the ISP
and I have an inside host that I want to access externally. How do I
translate an inside IP (192.168.0.100) to an outside address
(58.66.76.88) on the ASA? I should be able to ping and www from the outside
world to my inside host. Please let me know how to accomplish this.
Many thanks,
K
CB Richard Ellis Limited, Registered Office: St Martin's Court,
10 Paternoster Row, London, EC4M 7HP, registered in England and Wales
No. 3536032.
Regulated by the RICS and an appointed representative of CB Richard
Ellis
Indirect Investment Services Limited which is authorised and regulated
by the Financial Services Authority.
This communication is from CB Richard Ellis Limited or one of its
associated/subsidiary companies. This communication contains information
which is confidential and may be privileged. If you are not the intended
recipient,
please contact the sender immediately. Any use of its contents is
strictly prohibited
and you must not copy, send or disclose it, or rely on its contents in
any way whatsoever.
Reasonable care has been taken to ensure that this communication
(and any attachments or hyperlinks contained within it) is free from
computer viruses.
No responsibility is accepted by CB Richard Ellis Limited or its
associated/subsidiary
companies and the recipient should carry out any appropriate virus
checks.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
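
The thread pairs a `static` translation with inbound permits on the outside ACL that name the translated (58.66.76.88) address. The sketch below is an added example, not code from any poster in the thread: it audits a config in that syntax for permits whose destination has no static translation, ACLs not applied inbound on the outside interface, and mistyped protocol keywords. The sample config, the `access-group` line, the 58.66.76.89 entry and the `audit` helper are constructed for illustration.

```python
import re

# Protocol keywords expected in this sample; an assumed subset, not the ASA's full list.
KNOWN_PROTOCOLS = {"ip", "tcp", "udp", "icmp"}

# Constructed sample in the syntax used in this thread; the access-group
# binding and the 58.66.76.89 entry are assumptions added for illustration.
SAMPLE_CONFIG = """\
static (inside,outside) 58.66.76.88 192.168.0.100
access-list myaccesslist ext permit icmp any host 58.66.76.88 echo
access-list myaccesslist ext permit tcp any host 58.66.76.88 eq www
access-list myaccesslist ext permit tcp any host 58.66.76.88 eq sip
access-list myaccesslist ext permit upd any host 58.66.76.88 eq sip
access-list myaccesslist ext permit tcp any host 58.66.76.89 eq www
access-group myaccesslist in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) ext\w* permit (\S+) any host (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config, outside="outside"):
    """Return (line_number, message) findings for permits on the outside ACL."""
    lines = [l.strip() for l in config.splitlines()]
    mapped = {}    # translated (outside) address -> real (inside) address
    bound = set()  # ACL names applied inbound on the outside interface
    for line in lines:
        if (m := STATIC_RE.match(line)) and m.group(2) == outside:
            mapped[m.group(3)] = m.group(4)
        elif (m := GROUP_RE.match(line)) and m.group(2) == outside:
            bound.add(m.group(1))
    findings = []
    for no, line in enumerate(lines, 1):
        m = ACL_RE.match(line)
        if not m:
            continue
        name, proto, dest = m.groups()
        if proto not in KNOWN_PROTOCOLS:
            findings.append((no, f"protocol '{proto}' is not an expected keyword"))
        if dest not in mapped:
            findings.append((no, f"no static translation for {dest}"))
        if name not in bound:
            findings.append((no, f"ACL '{name}' is not applied inbound on {outside}"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE_CONFIG):
        print(f"line {no}: {msg}")
```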