Hello List, a easy Cisco question.
bill at kruchas.com
bill at kruchas.com
Mon Jul 11 20:43:28 UTC 2011
Thank You all,
Here are some of the suggestions so far, all good. And I will followup
on them and report back the final solution.
Some reading for tonite ( I already had it and skimmed thru, but I'll
need to digest it better).
I'm hoping that I'm not beating my head against the wall using Nat
instead of Pat, and not sure if Pat would be acceptable.
Anyway, thanks again.
Bill
******************************************************
Hey Bill,
I don't think you can do a static NAT translation on a NAT egress IP
address. Have you considered using Port Address Translation instead?
Cheers,
Taylor
As per [1]http://www.nanog.org/mailinglist/listfaqs/otherlists.php,
since
I don't see any responses to the list here, you'll probably get a more
comprehensive reply from real Cisco experts at
[2]http://puck.nether.net/mailman/listinfo/cisco-nsp
I hope you get the problem solved!
Whatever happens, do post back a reply to the list saying what solved
the problem in the end.
Alex
-------- Original Message --------
Subject: RE: Hello List, a easy Cisco question.
From: "Eric Tykwinski" <[3]eric-list at truenet.com>
Date: Mon, July 11, 2011 12:47 pm
To: <[4]bill at kruchas.com>
Bill,
Sounds like you need to use Port Address Translation (PAT), instead of
Network Address Translation (NAT).
Here's a Cisco help file for it:
[5]http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_
note09186a00804708b4.shtml
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222
-----Original Message-----
From: [6]bill at kruchas.com [[7]mailto:bill at kruchas.com]
Sent: Monday, July 11, 2011 3:34 PM
To: nanog
Subject: Hello List, a easy Cisco question.
Hello,
I am not a heads down network guy, but I have setup a few
firewalls, and have got them to do what I wanted, "eventually". But
mostly through reading and trial and error.
I am struggling with this one, but I think I know the answer, but
want to verify it with some experts.
We have a cisco asa 5505, with an internet connection with only one
useable ip address (subnet 255.255.255.252). We/they have had a nat
setup for outgoing connections for some time, but I have been trying to
get a new inbound connection going for terminal services to a specific
host on tcp port 3389. I'm using "ASDM" but checking the config file
and it's building the correct static statement, and access lists (I
think anyway). But It doesn't work, and doesn't give a real good
definative log message. I was wondering if possibly the fact that nat
is using the one ip address, if that precludes the static mapping from
working.
I've read several step by steps, and again had this working several
other places, but always with more ip's. If having just one ip isn't
the isssue, is there any other issues I should be looking for.
I'd appreciate any insight you might share.
Thanks in advance
References
1. http://www.nanog.org/mailinglist/listfaqs/otherlists.php
2. http://puck.nether.net/mailman/listinfo/cisco-nsp
3. mailto:eric-list at truenet.com
4. mailto:bill at kruchas.com
5. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml
6. mailto:bill at kruchas.com
7. mailto:bill at kruchas.com
More information about the NANOG
mailing list