Saturday, March 25, 2017

Configure NAT and port forwarding on ASA

***diagram/information***
lan1: 1.1.1.0/24
internet1: 10.0.0.0/24

 LAN-------------(lan1)ASA(internet1)---------------Internet

*****************

1- ASA configuration file
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif lan1
 security-level 0
 ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif internet1
 security-level 0
 ip address 10.0.0.2 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown    
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
same-security-traffic permit inter-interface
pager lines 24
mtu lan1 1500
mtu internet1 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (internet1) 1 interface
global (internet1) 2 10.0.0.3
nat (lan1) 1 1.1.1.0 255.255.255.0
static (lan1,internet1) tcp 10.0.0.3 telnet 1.1.1.2 telnet netmask 255.255.255.255
route internet1 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!            
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end




***show nat***
ciscoasa# show nat
NAT policies on Interface lan1:
  match tcp lan1 host 1.1.1.2 eq 23 internet1 any
    static translation to 10.0.0.3/23
    translate_hits = 0, untranslate_hits = 2
  match ip lan1 1.1.1.0 255.255.255.0 lan1 any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip lan1 1.1.1.0 255.255.255.0 internet1 any
    dynamic translation to pool 1 (10.0.0.2 [Interface PAT])
    translate_hits = 13, untranslate_hits = 5
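
An added example, not part of the original post: a small Python audit of the pre-8.3 NAT lines in the configuration above. It lists each static port forward, flags forwards to cleartext services (the service list is an assumption), and reports `global` pools that have no `nat` statement with the same ID, as is the case for pool 2 here. The name `audit_nat` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the NAT-related lines copied from the configuration above.
CONFIG = """\
global (internet1) 1 interface
global (internet1) 2 10.0.0.3
nat (lan1) 1 1.1.1.0 255.255.255.0
static (lan1,internet1) tcp 10.0.0.3 telnet 1.1.1.2 telnet netmask 255.255.255.255
"""

# Assumption: services treated as cleartext for this check (names and numbers).
CLEARTEXT = {"telnet", "23", "ftp", "21", "www", "http", "80"}

STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+)")


def audit_nat(config):
    """Return (port_forwards, findings) for pre-8.3 style NAT lines."""
    forwards, findings = [], []
    global_ids, nat_ids = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port = m.groups()
            forwards.append({"from": f"{mapped_if}:{m_ip}/{proto}/{m_port}",
                             "to": f"{real_if}:{r_ip}/{proto}/{r_port}"})
            if r_port in CLEARTEXT:
                findings.append(f"cleartext service {r_port} on {r_ip} "
                                f"is reachable via {m_ip} on {mapped_if}")
        elif m := GLOBAL_RE.match(line):
            global_ids.add(m.group(2))
        elif m := NAT_RE.match(line):
            nat_ids.add(m.group(2))
    # A global pool is only used by nat statements that carry the same ID.
    for nat_id in sorted(global_ids - nat_ids):
        findings.append(f"global pool {nat_id} has no matching nat statement")
    # nat 0 is identity NAT / exemption and needs no global pool.
    for nat_id in sorted(nat_ids - global_ids - {"0"}):
        findings.append(f"nat id {nat_id} has no matching global pool")
    return forwards, findings


if __name__ == "__main__":
    fwd, issues = audit_nat(CONFIG)
    for f in fwd:
        print("forward:", f["from"], "->", f["to"])
    for i in issues:
        print("finding:", i)
```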


