[c-nsp] 8.3 nat question asa
Jason Gurtz
jasongurtz at npumail.com
Fri Aug 26 09:09:28 EDT 2011
> I have defined dynamic source nat rule:
>
> Here is the relevant config:
>
> object network obj-10.201.0.0
> subnet 10.201.0.0 255.255.0.0
>
> object network obj-2.2.2.102
> host 2.2.2.102
>
> nat (inside,outside) source dynamic obj-10.201.0.0 obj-2.2.2.102

Food for thought (not sure if this is worse/better/same). Say the outside
interface, 2.2.2.102, is part of network 2.2.2.96/28:
!
object network Obj-Everything
subnet 0.0.0.0 0.0.0.0
!
! Subnet that non-employees end up on; they go out via a different
! public IP
object network Obj-Guest-Net
subnet 172.20.0.0 255.255.0.0
!
object network Obj-Everything
nat (inside,outside) dynamic interface
object network Obj-Guest-Net
nat (inside,outside) dynamic 2.2.2.103
> What i am looking to do, if possible (i believe it should be) is do a
> static mapping from the outside of 2.2.2.102:80 to a single ip address in
> the 10.201.0.0/16 net, for ex 10.201.10.10:80
>
> [...]
>
> Is that correct? Also, what is the syntax for mapping only port 80 of
> obj-2.2.2.102 to obj-10.201.10.10?
> so, obj-2.2.2.102 port 80 to obj-10.201.10.10 port 80
"Map all ports on public IP x to private IP y" should be similar but we
have only implemented the latter, more specific case:
object network HostName1_TCP7979
host 10.201.1.10
object network HostName1_TCP8888
host 10.201.1.10
!
object-group service HostName-Ports tcp
description GPIM active tcp ports
port-object eq 7979
port-object eq 8888
!
access-list Inbound extended permit tcp any host 10.201.1.10 object-group HostName-Ports log
!
object network HostName1_TCP7979
nat (inside,outside) static interface service tcp 7979 7979
object network HostName1_TCP8888
nat (inside,outside) static interface service tcp 8888 8888
!
I do remember the sh run output for the object related commands in 8.3
seemed a little wacky, but looking at this I'm not sure if we tried
something like this or not:
Object network HostName1_PortMap
host 10.201.1.10
nat (inside,outside) static interface service object HostName-Ports
~JasonG
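
Added example, not part of the original message or of any Cisco tooling: a small Python audit that pairs each 8.3-style static port forward in the config above with the interface ACL and reports whether the ACL permits the real (inside) address and real port, which is what an ACL matches on from 8.3 onward. The sample config is constructed from the message, with one extra forward (tcp 9999) invented to show an unpermitted mapping; the `audit` function name is an assumption of this example.

```python
import re
# Constructed sample: the config from the message above (wrapped access-list line
# joined) plus a made-up forward, tcp 9999, that the ACL does not cover.
SAMPLE = """\
object network HostName1_TCP7979
 host 10.201.1.10
object network HostName1_TCP8888
 host 10.201.1.10
object network HostName1_TCP9999
 host 10.201.1.10
object-group service HostName-Ports tcp
 port-object eq 7979
 port-object eq 8888
access-list Inbound extended permit tcp any host 10.201.1.10 object-group HostName-Ports log
object network HostName1_TCP7979
 nat (inside,outside) static interface service tcp 7979 7979
object network HostName1_TCP8888
 nat (inside,outside) static interface service tcp 8888 8888
object network HostName1_TCP9999
 nat (inside,outside) static interface service tcp 9999 9999
"""
# Only the line shapes used above are parsed (numeric ports, "any host X object-group G").
NAT = re.compile(r"nat \(\S+?,\S+?\) static \S+ service (tcp|udp) (\d+) (\d+)")
ACL = re.compile(r"access-list \S+ extended permit (tcp|udp) any host (\S+) object-group (\S+)")

def audit(config):
    """Return (real_ip, proto, real_port, mapped_port, permitted) per static port forward."""
    hosts, groups, nats, permits, ctx = {}, {}, [], [], ("", "")
    for raw in config.splitlines():
        w = raw.split() or [""]
        if w[0] in ("object", "object-group"):
            ctx = (w[0], w[2])  # following sub-commands belong to this object/group
        elif w[0] == "host" and ctx[0] == "object":
            hosts[ctx[1]] = w[1]
        elif w[:2] == ["port-object", "eq"]:
            groups.setdefault(ctx[1], set()).add(w[2])
        elif m := NAT.search(raw):
            nats.append((ctx[1], *m.groups()))  # service <proto> <real> <mapped>
        elif m := ACL.search(raw):
            permits.append(m.groups())
    report = []
    for obj, proto, real_port, mapped_port in nats:
        ip = hosts.get(obj)
        ok = any(p == proto and h == ip and real_port in groups.get(g, ())
                 for p, h, g in permits)
        report.append((ip, proto, int(real_port), int(mapped_port), ok))
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A row ending in `False` is a translation that exists but that the parsed ACL does not permit, so the forward is either dead or covered by a rule the parser does not understand.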