
Thursday, 14 May 2015

Cisco ASA Pre-8.3 NAT & Post-8.3 NAT

When Cisco released version 8.3 of the Cisco ASA software, it completely shook the ASA engineering community. The release overhauled how the Cisco ASA handles Network Address Translation (NAT).

Even today, these changes still surprise people when upgrading from 8.2 to 8.3 or later, and many people have a hard time understanding them. However, these changes are actually a good thing, as they give you more granular control over the NAT function(s) that your Cisco ASA performs.

I have compiled a list of differences as shown below to help you understand the configurational differences between pre-v8.3 and post-v8.3 NAT configurations.

First we will start with static NAT, which translates one IP address on the outside interface (203.0.113.20) to an IP address on the inside interface (10.1.1.6).

Regular Static NAT 8.2 & Earlier

static (inside,outside) 203.0.113.20 10.1.1.6 netmask 255.255.255.255

Regular Static NAT 8.3 & Later

object network obj-10.1.1.6
 host 10.1.1.6
 nat (inside,outside) static 203.0.113.20

Next up is the Static PAT where we translate port 80 on the outside interface IP Address of 203.0.113.20 to inside IP 10.1.1.15 port 8080.

Regular Static PAT 8.2 & Earlier

static (inside,outside) tcp 203.0.113.20 80 10.1.1.15 8080 netmask 255.255.255.255

Regular Static PAT 8.3 & Later

object network obj-10.1.1.15
 host 10.1.1.15
 nat (inside,outside) static 203.0.113.20 service tcp 8080 www

Now we’ll take a look at Static Policy NAT, where the host IP address 10.1.2.3 gets NAT’d to 192.168.100.100 on the outside interface when it attempts to reach the subnet 10.75.7.0/27.

Static Policy NAT 8.2 & Earlier

access-list NET1 permit ip host 10.1.2.3 10.75.7.0 255.255.255.224
!
static (inside,outside) 192.168.100.100 access-list NET1

Static Policy NAT 8.3 & Later

object network obj-10.1.2.3
 host 10.1.2.3
object network obj-192.168.100.100
 host 192.168.100.100
object network obj-10.75.7.0
 subnet 10.75.7.0 255.255.255.224
nat (inside,outside) source static obj-10.1.2.3 obj-192.168.100.100 destination static obj-10.75.7.0 obj-10.75.7.0
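An added example, not part of the original post and not Cisco tooling: a small Python converter that rewrites the host static NAT and static PAT lines above into 8.3+ object NAT, putting the real port before the mapped port as the new syntax requires. The `obj-<ip>` naming follows the post; the function name, the suffix used on name collisions and the sample list are assumptions of this example, and it emits numeric ports (the ASA displays port 80 as `www`).

```python
import re

# Pre-8.3 host form (a /32 netmask):
#   static (real_if,mapped_if) [tcp|udp] mapped [mapped_port] real [real_port] netmask ...
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (.+) netmask 255\.255\.255\.255$")

# Constructed sample input: the two pre-8.3 lines shown on this page.
SAMPLE = [
    "static (inside,outside) 203.0.113.20 10.1.1.6 netmask 255.255.255.255",
    "static (inside,outside) tcp 203.0.113.20 80 10.1.1.15 8080 netmask 255.255.255.255",
]

def convert_static(line, used_names=None):
    """Return the 8.3+ object NAT lines for one pre-8.3 static NAT or PAT line."""
    used_names = set() if used_names is None else used_names
    m = STATIC_RE.match(line.strip())
    if not m:
        # Policy NAT ("... access-list NAME") and subnet statics land here.
        raise ValueError(f"not a host static NAT/PAT line: {line!r}")
    real_if, mapped_if, body = m.groups()
    tok = body.split()
    if len(tok) == 2:  # static NAT: mapped address, then real address
        mapped, real = tok
        service = suffix = ""
    elif len(tok) == 5 and tok[0] in ("tcp", "udp"):  # static PAT
        proto, mapped, mapped_port, real, real_port = tok
        # 8.3+ reverses the port order: real port first, mapped port second.
        service = f" service {proto} {real_port} {mapped_port}"
        suffix = f"-{proto}-{real_port}"
    else:
        raise ValueError(f"unrecognised static form: {line!r}")
    name = f"obj-{real}"
    if name in used_names:  # an object carries only one nat statement
        name += suffix
    if name in used_names:
        raise ValueError(f"object name already used: {name}")
    used_names.add(name)
    return [
        f"object network {name}",
        f" host {real}",
        f" nat ({real_if},{mapped_if}) static {mapped}{service}",
    ]

if __name__ == "__main__":
    seen = set()
    for old in SAMPLE:
        print("\n".join(convert_static(old, seen)))
```

Policy NAT lines such as the `access-list NET1` form are rejected rather than guessed at, because their 8.3+ equivalent depends on the contents of the referenced ACL.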
