We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 644 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

497 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi Asi,

    The first statement tells the ASA that a device with IP address 192.168.1.1 on the DMZ has to be translated to 192.168.2.200 which is on the outside. On the interfaces we configured to which security-zone it belongs (INSIDE, DMZ or OUTSIDE).

    The direction doesn’t matter…from the outside you can connect to 192.168.2.200 and it will be translated to 192.168.1.1. When 192.168.1.1 initiates traffic that goes from DMZ > outside then it also gets translated to 192.168.2.200. The only thing the ASA cares about is what to translate.

    The same thing applies to th

    ... Continue reading in our forum

  2. Hi Asi,

    As a rule of thumb, you can use (INSIDE,OUTSIDE) or (DMZ,OUTSIDE) when you want to translate the entire subnet of your INSIDE or DMZ to a public IP address.

    (OUTSIDE,INSIDE) or (OUTSIDE,DMZ) can be used for port forwarding.

    Rene

  3. Thanks Rene . I have sorted out the issue when capturing the packet.Many Thanks

  4. Hello Naila

    Let’s look again at the example that Rene was referring to:

    ASA1(config)# object network WEB_SERVER
    ASA1(config-network-object)# host 192.168.1.1
    ASA1(config-network-object)# nat (DMZ,OUTSIDE) static 192.168.2.200
    

    This statement will cause a translation from host 192.168.1.1 which is on the DMZ to be translated to a static external IP address of 192.168.2.200. This translation functions both ways, meaning that when 192.168.1.1 communicates with devices on the outside, the source address of this communication will be translated to 192.168.2.200, an

    ... Continue reading in our forum

37 more replies! Ask a question or join the discussion by visiting our Community Forum