RV320 Additional WAN IP NAT'ing

Hello, I have an RV 320, my initial IP allocation from my ISP was 38.122.x.x a /30 allocation. Recently I needed to NAT a device so I requested a /29 block from my ISP the new block is 38.79.x.x. The router is fully managed by ISP, they told me that the new /29 block will be configured to route to the original WAN IP of my RV320. I configured a 1to1 NAT and no luck I am unable to remotely connect to the device via the external IP.  Any assistance would be greatly appreciated.

Jennifer,
Thanks for the quick reply.
You were pretty much correct, all I needed to do was create the appropriate NAT map between the Public IP & a DMZ server and also add a new RULE to allow the new public facing services to be available for internet users. This is just the same as setting up NAT'ing on the IP range configured on the Public ASA interface.
I didn't need to set-up any static arp's or create any routes (default route is already set out via the Public interface). Also no ISP speific set-up was required, so as
I haven't tried to set-up outbound NAT/PAT yet from the Private interface so I cannot say if that is just as easy.

Similar Messages

  • Additional WAN ports on SA540?

    I am running SVI ports on a Cisco 1812 router as additional WAN ports for a device that has up to 9 different ethernet WAN connections. Does anyone know if it is possible to run this kind of configuration on an SA540 that has 2 WAN ports and 8 'LAN' ports? I would also need the WAN ports to be presented as 'outside' in the firewall config and to be nat outside ports. My configuration works using route maps in nat and the application runs with a simple  script to shut / no shut interfaces.
    I am interested in the features / price point of this device but would need to run more than 2 WAN interfaces (one at a time or load balancing) for my application which is for mobile clients who have many varied options for physically connecting to the internet.
    Many thanks in advance

    Hi,
    LAN ports can't be converted to WAN ports in SA540.
    SA540 supports only 2 WAN ports.
    Thanks,
    Biraja

  • NAT'ing firewall Wiki articles gone

    http://wiki.archlinux.org/index.php/NAT'ing_firewall_-_Share_your_broadband_connection
    and
    http://wiki.archlinux.org/index.php/NAT'ing_firewall_-_Adding_advanced_features
    are empty now.
    Can some1 check why those pages are stubs now, couse i need both articles,
    or atleast to give backups if possible, since i set up my home server using those.
    Last edited by Satan666999 (2008-12-30 08:40:40)

    Google cache for the first page:
    http://74.125.77.132/search?q=cache:toh … ient=opera
    No idea why it's off the wiki though, has it got something to do with the ' in NAT'ing?

  • Cisco RV320 DUAL WAN router USB setup with Telstra 4G MF823

    I am trying to setup Cisco RV320 DUAL WAN router to work with my prepaid Telstra 4G MF823 device. Could you please assist. My settings are as follows: InterfaceUSB2Connection Type:3G/4G PIN Code:Confirm PIN Code:USB Connection Status:3G/4G modem is not available.Access Point Name:telstra.internetDial Number:Username:Password:Enable DNSDNS Server (Required): 8.8.8.8DNS Server (Optional): 8.8.4.4MTU:AutoManualB

    Hi oz000,
    Unfortunately we don't have anyone here to assist with this particular issue. Our team here provides assistance for the device standalone, we ensure that the 4G device connects to the network and functions correctly on its own.
    -Matt W
     

  • RV320 - Dual WAN - Load Balance Problem

    Hi all,
    I've just bought a RV320 Dual WAN router an try to get it running. My network setup looks lice the picture attached.
    I have 2 WAN Connections:
    - Router 1 (16Mbit Down / 512kbit up) - no public WAN IP
    - Router 2 (3 Mbit Down / 512kbit up) - Fixed public IP
    Router 1 ist connected to WAN1 and router 2 to WAN2 port on the RV320.
    I have enabled load balancing mode.
    Qustions:
    1.
    I want WAN1 to be the primary line to be used until capacity reached.
    Currently for some reason I don't understand the cisco always uses WAN2.
    That's not good as all browsing and downloading is limited to 3mbit.
    When I switch to "fail-over" mode and set primry live to WAN1 that works, but WAN2 is not kept alive.
    2.
    I am using VOIP and need to route all VOIP traffic to WAN2 interface.
    The best would be to tell the router IP 192.168.177.9 (voip phone) should use WAN2. So far I didn't figure out how to do that.
    Can I put VOIP into one VLAN group and allocated VLAN to one specific WAN interface?
    Brgds

    So, you can hear the phone ringing and answer it? which means that SIP pakets are coming through WAN to LAN and well redirected to the phone IP, but you cannot hear after that, which means that there could be a problem with the RTP packets. 
    If you have problem only with the incoming calls and not the outgoing, than try enable/disable SIP ALG (Firewall). If that doesn't fix the issue, try to allow (or even forward) from WAN to LAN RDP -  UDP ports 16384-32767 to the phone IP.
    Regards,
    Kremena

  • Problem with nat-ing on asa 5505

    i have the asa5505 with asa8.4.2 and asdm 6.4.5. i use this asa5505 for connecting my network 192.168.0.0/24 with network 10.15.100.0/24. my wan port of asa5505 on network 10.13.74.0/24, lan port is on 192.168.0.0./24. this configuration worked ok until my isp changed router on address 10.13.74.1. i nat-ed on asa5505, i puted access policy and i had access network 10.15.100.0/24. but now i can't. the users from network can access devices on addresses 192.168.0.20 and 192.168.0.22 but i can't access the network 10.15.100.0/24. my configuration of asa5505 is:
    Result of the command: "show runn": Saved:ASA Version 8.4(2) !hostname ciscoasaenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.0.17 255.255.255.0 !interface Vlan2 nameif outside security-level 0 ip address 10.13.74.33 255.255.255.0 !ftp mode passiveobject network obj_any subnet 0.0.0.0 0.0.0.0object network server host 192.168.0.20object network sharepointdri host 192.168.0.22object network paragraflex host 192.168.0.20object network dri.local subnet 192.168.0.0 255.255.255.0object service ParagrafLex1 service tcp source eq 6190 description Odlazniobject service paragraf service tcp destination eq 6190 description dolazniobject network nonat host 192.168.0.20object network lokalnamreza range 192.168.0.1 192.168.0.254object network natnetwork subnet 192.168.0.0 255.255.255.0object network natmreze subnet 192.168.0.0 255.255.255.0object-group service DM_INLINE_SERVICE_2 service-object ip service-object icmp echo-reply service-object tcp object-group service DM_INLINE_SERVICE_1 service-object icmp echo-reply service-object tcp service-object ip service-object tcp destination eq domain service-object tcp destination eq ldap service-object object ParagrafLex1 object-group service DM_INLINE_SERVICE_8 service-object ip service-object tcp service-object icmp echo-replyobject-group service DM_INLINE_SERVICE_3 service-object tcp service-object tcp destination eq domain service-object tcp destination eq ldap object-group service DM_INLINE_SERVICE_4 service-object tcp service-object icmp echo-replyobject-group protocol DM_INLINE_PROTOCOL_2 protocol-object udp protocol-object tcpobject-group protocol TCPUDP protocol-object udp protocol-object tcpobject-group service DM_INLINE_SERVICE_5 service-object ip service-object icmp echo-replyobject-group protocol DM_INLINE_PROTOCOL_1 protocol-object ip protocol-object tcpobject-group service DM_INLINE_SERVICE_6 service-object ip service-object tcp service-object icmp echo-reply service-object icmp service-object tcp destination eq https object-group service DM_INLINE_SERVICE_7 service-object ip service-object tcp service-object icmp echo-reply service-object tcp destination eq https object-group network DM_INLINE_NETWORK_1 network-object 10.13.74.0 255.255.255.0 network-object 10.15.100.0 255.255.255.0object-group service DM_INLINE_SERVICE_9 service-object tcp-udp service-object tcp destination eq https service-object tcp destination eq domain object-group service DM_INLINE_SERVICE_10 service-object ip service-object tcp service-object icmp echo-replyobject-group service DM_INLINE_SERVICE_11 service-object ip service-object tcp service-object icmp echo-replyaccess-list nonat extended permit object-group DM_INLINE_SERVICE_8 192.168.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 access-list inside_access_out extended permit object-group DM_INLINE_SERVICE_6 any any access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 object dri.local 10.15.100.0 255.255.255.0 access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 object dri.local 10.13.74.0 255.255.255.0 access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_4 any any access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 192.168.0.0 255.255.255.0 10.13.74.0 255.255.255.0 access-list outside_access_in_1 extended permit object paragraf any object server access-list outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_1 any object server access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object sharepointdri access-list outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_10 object natmreze any access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_9 any any access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_11 object natmreze 10.15.100.0 255.255.255.0 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp outside 10.13.74.1 000d.bd64.a8e2 arp timeout 14400!object network server nat (inside,outside) static 10.13.74.34 dnsobject network sharepointdri nat (any,any) static 10.13.74.39object network nonat nat (inside,outside) static 192.168.0.20object network natmreze nat (any,any) static 10.13.74.42 dnsaccess-group inside_access_in in interface insideaccess-group inside_access_out out interface insideaccess-group outside_access_in_1 in interface outsideaccess-group outside_access_out out interface outsideroute outside 0.0.0.0 0.0.0.0 10.13.74.1 1route outside 10.15.100.0 255.255.255.0 10.13.74.1 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyuser-identity default-domain LOCALhttp server enablehttp 192.168.0.0 255.255.255.0 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstart warmstarttelnet timeout 5ssh timeout 5console timeout 0dhcpd auto_config outside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters  message-length maximum client auto  message-length maximum 512policy-map type inspect ftp paragraf parameterspolicy-map global_policy class inspection_default  inspect dns   inspect icmp   inspect ip-options   inspect netbios   inspect tftp   inspect h323 h225   inspect h323 ras !service-policy global_policy globalprompt hostname context state priority domain no call-home reporting anonymousCryptochecksum:61572938ed01b1c7447e43fcb2df4bc8: end
    what i do? plz help me?
    thanks

    Please do this, and let me know how it goes
    no access-list nonat extended permit object-group DM_INLINE_SERVICE_8 192.168.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
    no access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 object dri.local 10.13.74.0 255.255.255.0
    no access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_4 any any
    no access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 192.168.0.0 255.255.255.0 10.13.74.0 255.255.255.0
    access-list inside_access_in line 1 permit ip 192.168.0.0 255.255.255.0 any
    access-list outside_access_in_1 line 1 permit ip any 192.168.0.0 255.255.255.0
    no object network nonat
    no access-group inside_access_out out interface inside
    no access-group outside_access_out out interface outside
    no route outside 10.15.100.0 255.255.255.0 10.13.74.1 1

  • Nat'ing Lan subnet

    I have a tunnel created and I need to NAT the local network 192.168.1.0/24 to 172.31.196.0/24 to the destination IP, let's say (2.2.2.2)
    code version is 821
    name 2.2.2.2 External_IP
    name 172.31.196.0 Local_xlated
    I thought the statement would look like nat (inside,outside) inside-network Local_xlated static destination External_IP

    eluciasa(config)# packet-tracer input inside tcp 192.168.1.6 53 8.8.8.8 53
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         outside
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    static (inside,outside) MC_Local_xlated  access-list L2LVPN-POLICYNAT
      match ip inside 192.168.1.0 255.255.255.0 outside host External_IP
        static translation to MC_Local_xlated
        translate_hits = 0, untranslate_hits = 0
    Additional Information:
    Phase: 6
    Type: NAT
    Subtype:
    Result: ALLOW
    Config:
    nat (inside) 1 0.0.0.0 0.0.0.0
      match ip inside any outside any
        dynamic translation to pool 1 (External_IP [Interface PAT])
        translate_hits = 24686918, untranslate_hits = 1904674
    Additional Information:
    Dynamic translate EluciMX01/53 to External_IP/356 using netmask 255.255.255.255
    Phase: 7
    Type: HOST-LIMIT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 32668832, packet dispatched to next module
    Result:
    input-interface: inside
    input-status: up
    input-line-status: up
    output-interface: outside
    output-status: up
    output-line-status: up
    Action: allow
    eluciasa(config)#

  • RV320 Max WAN-LAN Throughput

    Hi,
    I have a RV320 here on a 500/500Mbit fiber line, and don't seem to get more than ~230Mbit througput.
    If I connect the original modem from the provider, I get 500/500Mbit throughput.
    Firewall is off while testing.
    Does the RV320 not provide more throughput, or can it be a setting?

    @Marty, I tried it but didn't matter in speed.
    Tested serveral times with the Cisco (230Down/130Up) vs Arcadyan(480Down/480Up), but they stay the same no matter the settings.
    Also tried to change the MTU, to see if that had any effect, only effect was that the WAN connection didn't work anymore

  • RV320 two wan and wifi

    Hi,
    just buy a RV320 and I have both wan configured to failover.
    Wan1 has fix ip and Wan2 has dynamic ip.
    I would like to know if i can configure one router to provide WIFI. I tried to create a VLAN in Cisco and isolate wifi but does not work. The router is in bridge mode.
    I hope someone can guide me to solve this problem.
    thank you very much
    pd: sorry for my english but is not my mother tongue....

    Hi Marty,
    thank you for your answer.
    This my configuration:
    default Vlan: 172.16.0.1
    Vlan2: 192.168.2.1
    WAN1: 217.172.x.x
    WAN2: dinamic ip PPPoE
    The switch is connected to port Lan 1 and an old router to port Lan 2 to provide wifi on an isolated network.
    The router has not a special configuration, ip: 192.168.2.2, wifi, dhcp with default gateway 192.168.2.1
    i can connect to wifi but i can not ping to 192.168.2.1
    any help would be appreciated

  • RV320 Dual wan setup, wan2 keep disconnecting after a few mins.

    I have just switched out our offices rv120w for a rv320. I have set it up for dual wan with fail over. Both WANs are on static ip's. I have the settings working separately, but if i connect both connections to both WAN ports, WAN2 keeps dropping its connection. 
    It will show in the summary as 0.0.0.0 after a few seconds. I set it up, hit save and it shows both IPs in WAN1 and WAN2...as fast as i can refresh it, it will show WAN2 back to 0.0.0.0
    Any thoughts?

    as it turned out this was an issue with the ISP that has now been corrected. 
    on another note i could not change the MTU to 1500 as it would always reset to 1492....
    (latest Firmware)
    Cheers
    Dazzler 

  • RV320 loosing WAN and inter VLAN connectivity

    I just received a new RV320 V01 router and I am having trouble with the router loosing WAN and inter VLAN connectivity. Anywhere from 2 to 24+ hours the router will stop routing traffic to/from the WAN and other VLANs on the network. I have a ping trace running on one system and all packets are lost when the routing fails to all WAN connections and systems on other VLANs. I am still able to ping all of the router address for the VLANs i.e. 192.168.1.1, 192.168.2.1, 192.168.3.1 etc. Unfortunately I only have one system on this VLAN so I do not know if I can ping other systems on the same VLAN. I also do not have any DNS resolution when the issue occurs.
    The router is set up using a single ISP connection on WAN1 using DHCP assignment. WAN2 is disabled in the router settings. The router has version v1.1.1.06 firmware. I have also tried disabling VPN pass-through as noted from other posts. When the issue occurs the WAN1 connection is showing as “Connected (Inactive)” with no assigned IP address, gateway or DNS servers. The router is in gateway mode and everything works fine until the problem.
    Any Ideas?

    You noted that the WAN 1 connection has no IP address when this occurs.
    When it occurred last, I noted the "Connected (Inactive)" on WAN1 and that there were no IP addresses assigned.  I have a screen shot of the page attached.  I had noticed the "Connected (Inactive)" previously when the problem was occurring but cannot definitely say there were no IP addresses at that time.  I do not recall if I noticed this before or after I had disconnected the WAN1 to test a direct PC to modem connection.  I did check with the cable company and there are no issues being noted or logged on my connection.  The direct PC to modem connection worked fine.
    What type of Internet connection is it? (Cable, DSL, T1, etc)
    The connection is Cable
    Is the WAN port configured for DHCP?
    The WAN port is configured for DHCP
    Who is the ISP?
    The ISP is the local cable company
    When the issue occurs, can devices within a subnet ping each other?
    As I noted in the original post, at the time I was on a VLAN that only had one system running to monitor ping traces.  I will try again next time the problem occurs to have multiple devices on the same network.
    Are there any switches in the network?
    Yes, there is a switch in the system.  I am using a cisco SG200-26.  However, the problem persists even when I directly connected a PC to the active LAN port on the router.  No issue when the PC was dirrectly connected to the modem.
    Can you draw a simple topology showing the network with IP addresses, VLANs, etc?
           See attached

  • RV320 PPPOE WAN Disconnect

    I have a customer with an RV320 using PPPOE through a bridged DSL modem.  The connection comes up and will stay up for sometimes a week at a time, and then suddenly drop the PPPOE connection for no reason, causing a drop in internet connectivity.  The customer has to physically restart the router to get the internet to come back up.  In the system logs, I see:
    2015-05-01, 09:50:24
    Network Log
    NSD FAIL WAN[1]
    2015-05-01, 09:52:43
    System Log
    No response to 5 echo-requests
    2015-05-01, 09:52:43
    System Log
    Serial link appears to be disconnected.
    2015-05-01, 09:52:43
    System Log
    Connect time 93.6 minutes.
    2015-05-01, 09:52:43
    System Log
    Sent 111629134 bytes, received 7249283 bytes.
    2015-05-01, 09:52:43
    Network Log
    WAN connection is down
    2015-05-01, 09:52:43
    VPN Log
    [grpips0]: [Tunnel Disconnected]
    2015-05-01, 09:52:49
    System Log
    Connection terminated.
    2015-05-01, 09:52:49
    System Log
    Modem hangup
    2015-05-01, 09:53:54
    System Log
    Timeout waiting for PADO packets
    2015-05-01, 09:53:54
    System Log
    Unable to complete PPPoE Discovery
    2015-05-01, 09:54:59
    System Log
    Timeout waiting for PADO packets
    2015-05-01, 09:54:59
    System Log
    Unable to complete PPPoE Discovery
    2015-05-01, 09:56:04
    System Log
    Timeout waiting for PADO packets
    2015-05-01, 09:56:04
    System Log
    Unable to complete PPPoE Discovery
    2015-05-01, 09:57:09
    System Log
    Timeout waiting for PADO packets
    2015-05-01, 09:57:09
    System Log
    Unable to complete PPPoE Discovery
    2015-05-01, 09:58:14
    System Log
    Timeout waiting for PADO packets
    2015-05-01, 09:58:14
    System Log
    Unable to complete PPPoE Discovery
    Is this something relating to the router or the the DSL?  What troubleshooting steps should I try.

    I'm also seeing something similar since installing an RV320 in the same fashion this week.  I can't see the logs as yet because I'm remote, but it's been down twice today on what is otherwise usually a very very stable connection. 
    Be interesting to see people's thoughts on this. 

  • Need some help with a fundamental concept of nat'ing/routing

    I have the following code on an ASA5500 pair with very down-level code. 7.1.2.
    Here is a snippet of the ruleset:
    interface GigabitEthernet0/1.40
    description Production Servers Network
    vlan 40
    nameif Production
    security-level 40
    ip address 172.20.0.1 255.255.0.0 standby 172.20.0.2
    access-list no-nat extended permit ip 192.168.3.0 255.255.255.0 192.168.20.0 255.255.255.0
    access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.20.0 255.255.255.0
    nat (Production) 0 access-list no-nat
    Am I correct in believing all traffic sourced from the 192.168.3.0 and 172.20.0.0 networks  coming in via the Production interface will NOT be Nat'ed.
    My next question is will that traffic be routed through that interface Production using  the original IP addresses, or will that traffic NOT be routed anywhere?
    I don't want that traffic to be routed, but am concerned since these access list commands permit IP traffic between the networks, this traffic will be routed.

    Thanks for responses, but they confuse me more.
    It is not your answers causing my confusion, but the firewall rules I am trying to apply to this.
    From what you are saying, traffic WILL flow from the 192.168.3.0 network to the 192.168.20.0 network, flowing through the Production interface. It won't be Nat'ed, but it will route because the access list explicitly allows IP traffic sourced  from the 192.168.3.0 network to reach the 192.168.20.0 network.
    However, this is not what is currently happening in the networks, as far as I have been told.
    Let me add more lines of code to the problem, and give my interpretation, and you can tell me where I am going wrong.
    1. There is no access list explictly associated with the Production interface, as can be seen through the definition in my first post.
    2. More complete code:
    object-group network network_vpn
    description VPN IP's
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    access-list no-nat extended permit ip 192.168.20.0 255.255.255.0 172.20.0.0 255.255.0.0
    access-list no-nat extended permit ip object-group network_vpn 172.20.0.0 255.255.0.0
    access-list no-nat extended permit ip object-group network_vpn 192.168.20.0 255.255.255.0
    access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.20.0 255.255.255.0
    access-list no-nat extended permit ip 192.168.2.0  255.255.255.0 172.20.0.0 255.255.0.0
    access-list no-nat extended permit ip 192.168.0.0 255.255.0.0 172.20.0.0 255.255.0.0
    access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.0.0 255.255.0.0
    access-list no-nat extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.2.0 255.255.255.0
    access-list no-nat extended permit ip 192.168.3.0 255.255.255.0 172.20.0.0 255.255.0.0
    access-list no-nat extended permit ip 192.168.3.0 255.255.255.0 192.168.20.0 255.255.255.0
    access-list no-nat extended permit ip 192.168.2.0 255.255.255.0 192.168.20.0 255.255.255.0
    nat (Production) 0 access-list no-nat
    nat (Production) 0 access-list Production_nat0_inbound outside
    nat (Production) 1 172.20.0.0 255.255.0.0
    Use the 3rd last line in the access-list no-nat commands as an example.
    As I envision this, if I have a network sourced as 192.168.3.0, coming in through the Production interface, IP traffic can reach the 172.20.0.0 network, albeit through not NAT'ed, but with the original IP addreses, assuming routing is configured between these networks? I guess my related question would be is routing not implictly turned on between these networks?
    3. Also, I think several lines of this access rule are redundant, given the network object covers the 192.168.2.0 and 192.168.3.0 networks.

  • Virtual Exchange & NAT'ing

    A virtual server currently has Exchange installed on it with load balancing on our network. Each NIC has its own IP address and they want one external address for it to NAT to.  Looking at our ASA, we can't overlap addresses...meaning I get an error when I try to NAT 2 internal addresses to 1 external.  How can this be accomplished?

    What version do you have? It can be done with an special configuration on 8.2. If you are in version 8.3 or higher you may want to look at Many to Few NAT configuration.
    Mike

  • (semi-urgent) RVS4000 and multiple (same port) NAT'ing

    Hello -
    I have a client who has one Internet connection and 2 different internal SMTP servers.  Is there a way to NAT public mail/SMTP to each one?  We have two public IPs.
    Thanks

    Hello Jeff,
    Unfortunately the RVS4000 does not support One to One NAT. This restricts the router to only being able to use one of the IP addresses you have.
    If you are intrested in a router that supports this feature, I recommend one of the following:
    RV042
    RV120W
    RV220W

Maybe you are looking for

  • IPad keeps trying to erase itself

    So yesterday I thought I lost my iPad while I was out. I used Find my iPhone to erase all the data on it figuring that if it was returned to me/if I found it I could just restore from a previous backup. I found my iPad a couple of hours later, but wh

  • Aggregation of taxes for contract PO's

    Hi, in the conceptual model of SRM in my client we're studying the use of shopping carts with items without taxes. One main question that have ocurred to me is: when generating a purchase order for a existing contract (cataloged contract in CCM), wil

  • How do I set Firefox to start on login in full screen mode and permanently disable the tool bars?

    I am trying to set up a touch screen windows 7 lenovo desktop for use by older users with no prior experiance of PC's. I would like Firefox to start on login and open in full screen mode, with all toolbars disabled. Is this possible? and if so how do

  • Are there am radio apps

    I have a little pocket AM/FM radio..... I listen to various stations....sports, news, etc. ......  However, it is old and I was thinking of getting a new one.  Then, I thought about getting an ipod touch instead and downloading a "Radio App" that wou

  • Stopping and/or resuming a Thread???

    I have a thread which I need to run, then stop it and then later start it again and so on. Could someone explain (comprehensively) how I can do this safely. Thread.stop() is not safe? Thanks