PASS HOT

Comparison of ASA NAT in 8.3

The following comparison of commands was summarized by an engineer on the Internet. I think it sums things up well, so I am recording it here together with some examples. The biggest change in ASA configuration from 8.3 onward is NAT, which was basically started over. The main idea is to define an object first and then reference that object. Obviously, this was learned from other manufacturers. It also shows that Cisco is not complacent and is constantly learning and improving. However, I think NAT is hard to understand after 8.3. Of course, this is my personal opinion, and you have to relearn the configuration. I remember that when I was configuring it, it took me half a year to understand the meaning of these NAT statements. In project configurations I often made errors whose cause I could not find. I suggest you try it out slowly in your projects; that is how you can really come to understand the following commands.




The above configuration is the most commonly used one-to-one static mapping, mainly used to map a server so that the external network can access it. Evidently the mapping does not call the currently defined parameters; so far, I still do not understand the reason. The second mapping is port mapping. This is very common and is the most used in projects: the client has only one public network address but needs to publish different services on different servers, so they are distinguished by port. Note that the complete configuration also needs the following commands: the traffic has to be permitted by an access list, and the access list has to be applied to the interface.

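! Object NAT allows one nat statement per object, so each forwarded port gets its own object
object network 192.168.1.1-http
 host 192.168.1.1
 nat (inside1,outside) static interface service tcp 80 80
object network 192.168.1.1-https
 host 192.168.1.1
 nat (inside1,outside) static interface service tcp 443 443
! Permit the forwarded ports inbound; from 8.3 on the ACL references the real (inside) address
access-list 101 extended permit tcp any host 192.168.1.1 eq 80
access-list 101 extended permit tcp any host 192.168.1.1 eq 443
access-group 101 in interface outside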
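The port mapping above only works when the NAT statement, the access-list entry and the access-group all line up, so here is an added example (not from the original post) that checks a pasted 8.3+ configuration for that. The function name `audit` and the sample configuration are constructed for illustration, and the parser assumes only the command forms shown on this page.

```python
import re

# Constructed sample (not from a real device): tcp/443 is forwarded, but the
# ACL bound to the outside interface only permits tcp/80.
SAMPLE = """\
object network web-http
 host 192.168.1.1
 nat (inside1,outside) static interface service tcp 80 80
object network web-https
 host 192.168.1.1
 nat (inside1,outside) static interface service tcp 443 443
access-list 101 extended permit tcp any host 192.168.1.1 eq 80
access-group 101 in interface outside
"""

NAT = re.compile(r"nat \(\S+,(\S+)\) static interface service (tcp|udp) (\S+) \S+")
ACE = re.compile(r"access-list (\S+) extended permit (tcp|udp) any host (\S+) eq (\S+)")
GRP = re.compile(r"access-group (\S+) in interface (\S+)")
NAMES = {"www": "80", "https": "443"}  # port names the ASA prints instead of numbers

def audit(config):
    """Return findings for static port forwards in an 8.3+ object NAT config."""
    hosts, nats, permits, bound = {}, {}, set(), {}
    obj = None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):  # a top-level command leaves object mode
            obj = s.split()[2] if s.startswith("object network ") else None
        if obj and s.startswith("host "):
            hosts[obj] = s.split()[1]
        elif obj and (m := NAT.fullmatch(s)):
            nats.setdefault(obj, []).append((m[1], m[2], NAMES.get(m[3], m[3])))
        elif m := ACE.fullmatch(s):
            permits.add((m[1], m[2], m[3], NAMES.get(m[4], m[4])))
        elif m := GRP.fullmatch(s):
            bound[m[2]] = m[1]  # interface name -> ACL applied inbound
    findings = []
    for obj, rules in nats.items():
        if len(rules) > 1:
            findings.append(f"{obj}: {len(rules)} nat statements, an object keeps only one")
        for mapped_if, proto, port in rules:
            # From 8.3 on, the ACL must match the real (untranslated) address and port.
            if (bound.get(mapped_if), proto, hosts.get(obj), port) not in permits:
                findings.append(f"{obj}: {proto}/{port} to {hosts.get(obj)} "
                                f"not permitted inbound on {mapped_if}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means every forwarded port has a matching permit on the ACL bound to the mapped interface.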





The most commonly used of the above configurations is PAT.

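! Dynamic PAT: each inside subnet is translated to the outside interface address
object network inside1
 subnet 192.168.1.0 255.255.255.0
 nat (inside1,outside) dynamic interface
object network inside0
 subnet 192.168.0.0 255.255.255.0
 nat (inside0,outside) dynamic interface
! Default route toward the outside next hop
route outside 0.0.0.0 0.0.0.0 18.12.18.13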

Note: The above configuration is PAT translation for multiple internal network interfaces.
