ASA NAT Problem

mzinzmzinz Member Posts: 328
I'm having trouble with NAT.

This works:
static (Internal-201,ELI-External) tcp interface 3389 192.168.201.114 3389 netmask 255.255.255.255

This doesn't:
static (Internal-201,ELI-External) tcp MY_EXT_IP 3389 192.168.201.114 3389 netmask 255.255.255.255

Why wouldn't the second statement work? I'm positive that I'm typing in the correct external IP. When I attempt to RDP with the second statement instead of the first, it just gives me a connection error.

I think that only the first one works because 'interface' means that it uses PAT and overloads, whereas the RDP host I'm connecting to doesn't know how to "get back" to me, since I'm inside my own local network. If this is true, then my next question is:
How can I have multiple NAT statements which use the same port, that direct to a certain host, depending on source IP?
_______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801

Comments

  • budabuda Inactive Imported Users Posts: 5
    I used to work at Cisco TAC, and specifically dealt with the ASA. It's actually a feature of the IOS (I believe above 7.0) that if you specify the IP address of an interface with NAT, you have to use the keyword "interface". It's a regular static xlate. This used to generate a lot of cases for us.
    See UniverCD for more info:
    http://www.cisco.com/univercd/home/home.htm

    I'm not exactly sure about your second question, but you may try defining the traffic using an access-list, then use that list in your NAT. This wouldn't work statically, only for traffic coming back in to your inside hosts, but I think only one host would work at a time.


    Hope that helps.
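
An added example, not code from either poster: a small config check for the rule described in the reply above, that a port-redirect `static` whose mapped address is the interface's own IP has to be written with the `interface` keyword. It assumes the `static` syntax quoted in the thread; the sample config is constructed, with 203.0.113.10 standing in for MY_EXT_IP, and the function names are hypothetical.

```python
import re

# Constructed sample config; addresses are from documentation ranges.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif ELI-External
 security-level 0
 ip address 203.0.113.10 255.255.255.248
!
interface Ethernet0/1
 nameif Internal-201
 security-level 100
 ip address 192.168.201.1 255.255.255.0
!
static (Internal-201,ELI-External) tcp interface 3389 192.168.201.114 3389 netmask 255.255.255.255
static (Internal-201,ELI-External) tcp 203.0.113.10 3390 192.168.201.115 3389 netmask 255.255.255.255
static (Internal-201,ELI-External) tcp 203.0.113.11 3389 192.168.201.116 3389 netmask 255.255.255.255
"""

# static (real_if,mapped_if) tcp|udp <mapped address or 'interface'> <rest of line>
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
    r"(?P<proto>tcp|udp) (?P<mapped>\S+)(?P<rest>.*)$")

def interface_addresses(config):
    """Map each nameif to the IP address configured on that interface."""
    addrs, nameif = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None                      # start of a new interface block
        elif line.startswith(" nameif "):
            nameif = line.split()[1]
        elif line.startswith(" ip address ") and nameif:
            addrs[nameif] = line.split()[2]
    return addrs

def lint_statics(config):
    """Return (line_no, original, suggested) for statics that spell out the interface IP."""
    addrs = interface_addresses(config)
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        m = STATIC_RE.match(line)
        if m and m["mapped"] == addrs.get(m["mapped_if"]):
            fixed = (f"static ({m['real_if']},{m['mapped_if']}) "
                     f"{m['proto']} interface{m['rest']}")
            findings.append((no, line, fixed))
    return findings

if __name__ == "__main__":
    for no, old, new in lint_statics(SAMPLE_CONFIG):
        print(f"line {no}: mapped address is the interface's own IP\n  - {old}\n  + {new}")
```

Statics that already use `interface`, or that map to a different address on the same subnet, are left alone; only the literal interface IP is flagged.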