NAT with Virtual IP address

Mar 13, 2012 12:46 PM

euchime 2 posts since
Feb 7, 2010

Greetings!

I have a nagging question about NAT. I thought I nailed it down a long time ago, but as you know, knowledge goes stale if not used frequently.

I am running ASA5510 OS 8.2.2. There are two web servers in the DMZ with virtual IP address 10.5.5.5. I want to NAT so that users in the 10.6.6.0/24 network will be NATted to 10.5.5.5 to access the 10.5.5.0/24 network. For instance, http://10.6.6.6 will be translated to 10.5.5.5.

The ASA has four interfaces configured (inside, outside, dmz and dept):

interface GigabitEthernet0/0
 speed 1000
 duplex full
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
!
interface GigabitEthernet0/1
 speed 1000
 duplex full
 nameif inside
 security-level 100
 ip address 2.2.2.1 255.255.255.0 standby 2.2.2.2
!
interface GigabitEthernet0/2
 speed 1000
 duplex full
 nameif dept
 security-level 10
 ip address 10.6.6.1 255.255.255.128 standby 10.6.6.2

interface GigabitEthernet1/1
 speed 1000
 duplex full
 nameif dmz
 security-level 50
 ip address 10.5.5.1 255.255.255.0 standby 10.5.5.2

nat-control
global (inside) 1 interface
global (dept) 1 interface
nat (inside) 0 access_nonat1
nat (dept) 0 access_nonat2
nat (dmz) 0 access_nonat3

access-list dept_access extended permit tcp 10.6.6.0 255.255.255.0 10.5.5.0 255.255.255.0 eq 80
static (dept,dmz) 10.5.5.5 10.6.6.6 netmask 255.255.255.255

access-group in dept_access in interface dept
access-group in dmz_access in interface dmz
access-group in outside_access in interface outside

This does not work. Then, when I added the following to NAT traffic from dmz back to dept, I got an asymmetric NAT error (reverse path failure):

static (dmz,dept) 10.6.6.6  10.5.5.5 netmask 255.255.255.255

What am I doing wrong?

Thanks
