Scribd Logo
Carica

Benvenuto in Scribd!

  • ASA NAT Cheat Sheet For 8.2 and 8.4 Update

    Caricato da

    Sachin Guda
    134 visualizzazioni5 pagine
    The document provides a cheat sheet on different types of network address translation (NAT) configurations for Cisco ASA firewalls. It lists the commands for static NAT, static port translation, static policy NAT, identity NAT, dynamic NAT/PAT, and dynamic policy NAT/PAT. For each NAT type, it shows both the pre-8.3(1) and post-8.3(1) object-oriented commands.

    Descrizione originale:

    ASA NAT Cheat Sheet

    Titolo originale

    ASA NAT Cheat Sheet for 8.2 and 8.4 update

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    The document provides a cheat sheet on different types of network address translation (NAT) configurations for Cisco ASA firewalls. It lists the commands for static NAT, static port translation, static policy NAT, identity NAT, dynamic NAT/PAT, and dynamic policy NAT/PAT. For each NAT type, it shows both the pre-8.3(1) and post-8.3(1) object-oriented commands.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    134 visualizzazioni5 pagine

    ASA NAT Cheat Sheet For 8.2 and 8.4 Update

    Caricato da

    Sachin Guda
    The document provides a cheat sheet on different types of network address translation (NAT) configurations for Cisco ASA firewalls. It lists the commands for static NAT, static port translation, static policy NAT, identity NAT, dynamic NAT/PAT, and dynamic policy NAT/PAT. For each NAT type, it shows both the pre-8.3(1) and post-8.3(1) object-oriented commands.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 5

    1

    ASA NAT Cheat Sheet NetFixPro.com

    Local n/w or Real n/w


    Global n/w or Mapped n/w
    Remote n/w or Destination n/w

    Static NAT
    Pre-8.3(1)

    static (inside,outside) 50.50.50.50 10.10.10.10


    static (dmz,outside) 60.60.60.60 10.10.20.20 dns

    Using Auto NAT - Post 8.3(1)

    object network DB-SVR


    host 10.10.10.10
    nat (inside,outside) static 50.50.50.50

    object network APP-SVR


    host 10.10.20.20
    nat (dmz,outside) static 60.60.60.60 dns

    Using Manual NAT - Post 8.3(1)

    object network DB-SVR


    host 10.10.10.10
    !
    object-group network DB-SVR-MAPPED
    network-object host 50.50.50.50
    !
    nat (inside,outside) source static DB-SVR DB-SVR-MAPPED

    object network APP-SVR


    host 10.10.20.20
    !
    object-group network APP-SVR-MAPPED
    network-object host 60.60.60.60
    !
    nat (dmz,outside) source static APP-SVR APP-SVR-MAPPED dns

    By Ashutosh Patel NetFixPro.com


    2
    ASA NAT Cheat Sheet NetFixPro.com

    Static Port Translation


    Pre - 8.3(1)

    static (dmz,outside) tcp 60.60.60.60 8080 10.10.20.20 80


    static (dmz,outside) 60.60.60.60 10.10.20.20

    Using Auto NAT - Post 8.3(1)

    object network +APP-SVR-http


    host 10.10.20.20
    nat (dmz,outside) static 60.60.60.60 service tcp 80 8080
    !
    object network APP-SVR
    host 10.10.20.20
    nat (dmz,outside) static 60.60.60.60

    Using Manual NAT - Post 8.3(1)

    object network APP-SVR


    host 10.10.20.20
    !
    object-group network APP-SVR-MAPPED
    network-object host 60.60.60.60
    !
    object service TCP-80
    service tcp source eq 80
    object service TCP-8080
    service tcp source eq 8080
    !
    nat (dmz,outside) source static APP-SVR APP-SVR-MAPPED service TCP-80 TCP-8080
    nat (dmz,outside) source static APP-SVR APP-SVR-MAPPED

    By Ashutosh Patel NetFixPro.com


    3
    ASA NAT Cheat Sheet NetFixPro.com

    Static Policy NAT


    Pre 8.3(1)

    access-list policy-nat permit ip 10.10.10.0 255.255.255.0 10.30.30.0 255.255.255.0


    static (inside,outside) 172.16.10.0 access-list policy-nat

    Using Manual NAT - Post 8.3(1)

    object network INSIDE-NET


    subnet 10.10.10.0 255.255.255.0
    !
    object network INSIDE-NET-MAPPED
    subnet 172.16.10.0 255.255.255.0
    !
    object network REMOTE-DEST
    subnet 10.30.30.0 255.255.255.0
    !
    nat (inside,outside) source static INSIDE-NET INSIDE-NET-MAPPED destination static REMOTE-
    DEST REMOTE-DEST

    Identity NAT / NAT exemption


    Pre 8.3(1)

    access-list nat_exempt permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0


    nat (inside) 0 access-list nat_exempt

    Using Manual NAT - Post 8.3(1)

    object-group network LOCAL-NET


    subnet 10.10.10.0 255.255.255.0
    !
    object network REMOTE-NET
    subnet 10.20.20.0 255.255.255.0
    !
    nat (inside,outside) source static LOCAL-NET LOCAL-NET destination static REMOTE-NET
    REMOTE-NET

    By Ashutosh Patel NetFixPro.com


    4
    ASA NAT Cheat Sheet NetFixPro.com

    Dynamic NAT / PAT


    Pre 8.3(1)

    nat (dmz) 20 10.10.20.0 255.255.255.0


    global (outside) 20 65.65.65.65
    !
    nat (inside) 10 10.10.10.0 255.255.255.0
    global (outside) 10 interface

    Using Auto NAT - Post 8.3(1)

    object network DMZ-NET-MAPPED


    host 65.65.65.65
    !
    object network DMZ-NET
    subnet 10.10.20.0 255.255.255.0
    nat (dmz,outside) dynamic pat-pool DMZ-NET-MAPPED

    object network INSIDE-NET


    subnet 10.10.10.0 255.255.255.0
    nat (inside,outside) dynamic interface

    Using Manual NAT - Post 8.3(1)

    object network INSIDE-NET


    subnet 10.10.10.0 255.255.255.0
    !
    nat (inside,outside) source dynamic INSIDE-NET interface

    object network DMZ-NET


    subnet 10.10.20.0 255.255.255.0
    !
    object network DMZ-NET-MAPPED
    host 65.65.65.65
    !
    nat (dmz,outside) source dynamic DMZ-NET pat-pool DMZ-NET-MAPPED

    By Ashutosh Patel NetFixPro.com


    5
    ASA NAT Cheat Sheet NetFixPro.com

    Dynamic Policy NAT/PAT


    Pre 8.3(1)

    access-list dyn-pnat-telnet permit tcp 10.10.10.0 255.255.255.0 any eq 23


    access-list dyn-pnat-http permit tcp 10.10.10.0 255.255.255.0 any eq 80
    !
    nat (inside) 5 access-list dyn-pnat-telnet
    nat (inside) 6 access-list dyn-pnat-http
    !
    global (outside) 5 41.41.41.10
    global (outside) 6 41.41.41.11

    Using Manual NAT - Post 8.3(1)

    object network INSIDE-NET


    subnet 10.10.10.0 255.255.255.0
    !
    object network IN-OUT-TELNET-MAPPED
    host 41.41.41.10
    !
    object network IN-OUT-HTTP-MAPPED
    host 41.41.41.11
    !
    object network ANY-DEST
    subnet 0.0.0.0 0.0.0.0
    !
    object service TCP-23
    service tcp destination eq 23
    !
    object service TCP-80
    service tcp destination eq 80
    !
    nat (inside,outside) source dynamic INSIDE-NET IN-OUT-TELNET-MAPPED destination static
    ANY-DEST ANY-DEST service TCP-23 TCP-23
    nat (inside,outside) source dynamic INSIDE-NET IN-OUT-HTTP-MAPPED destination static
    ANY-DEST ANY-DEST service TCP-80 TCP-80

    By Ashutosh Patel NetFixPro.com

    Potrebbero piacerti anche