ASA NAT:
8.2:
1. In ASA 8.2 we should give the NAT control command to operate NAT.
2. If we do not enable NAT control, it does not perform NAT.
3. Here we do dynamic NAT translation as shown below. It has NAT ID 1 between the inside and the outside
global address. This ID should match in both statements.
4. If a user goes to the internet, it checks the NAT statement and then it checks the route. Here in this topology
we have a static route configured for the outside route.
5. PAT: If we want to do PAT (many to one), then we use the command as many to one:
6. Here, if we want to get access from inside to DMZ, then we should use the PAT interface or IP
address as shown below:
7. We should not perform NAT across a site-to-site tunnel, as shown below:
8. In this case we use the NAT 0 command as:
10. IDENTITY NAT: It does not change any of the addressing, because no NAT is required for inside to
inside.
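
Added example (not part of the original notes): a small Python check for the 8.2 rule above that the NAT ID must match between the nat and global statements, with NAT 0 treated as exempt from translation. The configuration text, the NONAT access-list name and all addresses are constructed sample values, and audit_nat is a hypothetical helper name.

```python
import re

# Constructed ASA 8.2-style config; all addresses and names are sample values.
SAMPLE_CONFIG = """\
nat-control
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 192.0.2.50
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
nat (dmz) 2 172.16.1.0 255.255.255.0
global (outside) 3 198.51.100.10-198.51.100.20
"""

RULE_RE = re.compile(r"^(nat|global) \((\S+)\) (\d+) (.+)$")

def audit_nat(config):
    """Pair 8.2 nat/global statements by NAT ID and report mismatches."""
    nats, globals_ = [], []
    nat_control = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "nat-control":
            nat_control = True
            continue
        m = RULE_RE.match(line)
        if m:
            kind, ifc, nat_id, rest = m.group(1), m.group(2), int(m.group(3)), m.group(4)
            (nats if kind == "nat" else globals_).append((ifc, nat_id, rest))
    report = {"nat_control": nat_control, "exempt": [], "paired": {},
              "nat_without_global": [], "global_without_nat": []}
    for ifc, nat_id, rest in nats:
        if nat_id == 0:
            # NAT 0: no translation (identity NAT / tunnel exemption), no global needed
            report["exempt"].append((ifc, rest))
            continue
        mapped = [g_ifc for g_ifc, g_id, _ in globals_ if g_id == nat_id]
        if mapped:
            report["paired"][(ifc, nat_id)] = mapped
        else:
            report["nat_without_global"].append((ifc, nat_id))
    used_ids = {nat_id for _, nat_id, _ in nats}
    report["global_without_nat"] = [(ifc, g_id) for ifc, g_id, _ in globals_
                                    if g_id not in used_ids]
    return report

if __name__ == "__main__":
    for key, value in audit_nat(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

In the sample, NAT ID 1 pairs the inside network with both the outside and DMZ globals, while ID 2 and ID 3 are reported because each appears in only one of the two statements.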
8.2 NAT:
1. In 8.3 we need to specify an inbound ACL on the outside interface for static NAT, as shown below:
2. Here we should use the global mapped address for the server.
3. What if the server is mapped to 5 interfaces?
Here, every time, we need to create an ACL to allow new services to this machine. In 8.2 there
is no such complicated stuff.
Steps:
12. If we want to create a NAT from inside to outside and inside to DMZ, then delete the old NAT as
shown below and create a new NAT rule:
It says that if traffic is coming from the inside interface and going to the outside interface, and the source address is Keith's
IP going to the destination address of R2's real address, then it uses static NAT to swap Keith's address for the global
address.
19. Press the Down arrow to perform manual NAT after Auto NAT:
20. We got output as:
2. Here we are changing both source & destination IP addresses: Twice NAT
3. Add the rule as:
12. So the problem is that R4 uses MD5 authentication and the ASA uses clear-text authentication.
It's in Exchange/DR
18. So here it is only in the EXSTART state; now we have an MTU problem. Check the MTU values
23. To resolve, either configure the same MTU on both sides or ignore MTU
24. Configure MTU ignore in R4 also:
36. Here mutual redistribution is done between EIGRP to RIP and RIP to EIGRP.
37. Here in ASA1 also we run RIP on DMZ interface:
38. Here Ping is not working:
44. Here the ASAs are connected to switch ports Fa 13 & 15; as per the diagram they allow traffic on
VLAN 10 untagged. There is a VACL, so the traffic is dropping on it.
62. Because ASA 2 does not put RIP routes into OSPF:
5. Here in Router 4 we need to check whether it has any external routes into OSPF.
6. Here in ASA 2 it injects external routes as Router 4's IP. It treats Router 4 as an ASBR.
7. Now we should configure it as NSSA:
73. Here NSSA does not inject a default route, so we need to configure it manually as below:
74. Now we got OSPF routes in r2:
75. Now everything is OK; we check connectivity between VLANs. Check with r1 show ip eigrp:
76. We don't have routes for 49.0, so we don't have connectivity between r1 and ASA 2 & R4
77. Now enable RIP version 2, because auto summarization does not complete in RIP v1 and RIP v1 does not include
the subnet mask:
78. Here we still see the wrong mask, as below:
83. Here it says a packet was received with MD5 authentication, and invalid authentication, so the key is
mismatched:
84. Configure the same key ID in ASA 1 & ASA 2:
85. Even now we did not get the original route; we received a summarized route:
86. Router 1 & router 2 should connect vlan
87. We check the route as below: