Configuring Network Address Translation (NAT)

Configuring Network Address Translation (NAT) | Cisco ASA Firewalls

Рет қаралды 38,568

Күн бұрын

Configuring Network Address Translation (NAT) | Cisco ASA Firewalls
By popular demand, here is the live config and explanation of Network Address Translation (NAT) on the Cisco ASA Firewall.
We’re approaching this by using a lab, built in VIRL. This is based on the lab we used in the ACL video. If you’re a Patreon supporter you can download this lab in VIRL, GNS3, or just the config files (link below).
We’ve created a more realistic scenario, where we need public IP addresses to reach the internet. There’s a few things that we need to configure now; We need an IP for general internet access (dynamic NAT, using PAT or a PAT pool), We also need a static NAT, so devices on the internet can reach the intranet server.
In addition, we want to consider how DNS will work, now that there will be different IP addresses on the Inside, DMZ, and Outside areas.
There are some concepts we’ll cover as well. These include Object NAT and Twice NAT, and how they apply in different sections to create NAT policies.
Another concept is real addresses (the original address) and mapped addresses (the translated address). In addition, we need to consider unidirectional NAT and bidirectional NAT. Not to mention talking about source NAT and destination NAT.
Lab: networkdirection.net/labsandq...
Patreon information: networkdirection.net/patreon/
ASA Clustering: • ASA Firewalls | High A...
Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services (affiliate): click.linksynergy.com/link?id...
Overview of this video:
0:00 Introduction
0:21 Lab Setup
2:17 ASA’s Viewpoint of NAT
4:34 Static NAT
7:02 Dynamic NAT
12:47 Rule Order
16:40 Static Port Translation
18:28 Identity NAT
20:57 DNS Rewrite
LET'S CONNECT
🌏 / networkdirection
🌏 / netwrkdirection
🌏 / networkdirection
🌏 www.networkdirection.net
#NetworkDirection

Пікірлер: 20

@NetworkDirection 5 жыл бұрын

Thanks for watching! Lab files here: networkdirection.net/labsandquizzes/labs/lab-nat-on-the-cisco-asa/

@fernandoalbuquerque6645 3 жыл бұрын

Terrific teaching.

@NetworkDirection 3 жыл бұрын

Thanks!

@markspeeps 4 жыл бұрын

OMG I wish I would have seen a video like this when I first started working on ASA firewalls. It fills in many of the blanks I had in the past.

@NetworkDirection 4 жыл бұрын

Too bad I couldn't have done this sooner!

@rebeccarobertson8360 5 жыл бұрын

Loving the beginning of this video! The visuals are great!

@NetworkDirection 5 жыл бұрын

Thanks!

@johnvincentsison7147 4 жыл бұрын

Great reference for NAT in ASA!!! Big THANKS!

@keooka 4 жыл бұрын

Very good video. Make more! Thanks

@NetworkDirection 4 жыл бұрын

Glad you like it!

@AmbientMelancholy 3 жыл бұрын

I must have missed it, but at 9:25 when you're configuring the ACL again, you use object-group web...when/what video was that object group defined?

@ChampionCCC 4 жыл бұрын

Excellent video tutorial. I paid the Patreon sub and downloaded the Lab and imported it into GNS3, but it gives me an error - The image notexisting.bin is missing - and will not allow the files to be opened by GNS3. Please provide an openable solution under GNS3.

@TheRealoldcar 4 жыл бұрын

is it possible for an inside user computer to connect to a fixed known IP address and have the ASA forward the request to a internet server by its domain name with a continually changing dynamic IP address; with a NAT rule that would have something like NAT (Inside, Outside) static x.x.x.x domain name

@haroldcalderon4514 3 жыл бұрын

thanks a lot. One question What happen if I configure a Static nat interface inside interface outside source static a.a.a.a b.b.b.b destination c.c.c.c c.c.c.c but what happend if the destiny is who open the ¿connection? make the nat in reverse too or not?