ASA 5510 NAT question

ericluoma
Level 1

Is it possible to NAT the destination address through an ASA 5510? I am coming from two different NICs on the same PC that have different IPs that go through different interfaces on the firewall, but go to the same destination address. I want to control which NIC is chosen by the different apps. If the destination was the same I can't control by static route which NIC to get to the destination, so I want to know if I can NAT the destination so that the traffic will look like it is going to a different destination address, then get translated at the firewall.

The reason is that I have different ports that I am connecting to on the destination end and need to keep that intact.

Example:

One PC has two addresses on two different NICs. 192.168.8.8 and 192.168.9.9

Both go through different firewall interfaces on the same firewall, but both have the same destination of 192.168.1.10.

I am already NATing both of my internal addresses so they appear at the destination as 192.168.1.8 and 192.168.1.9

Can I also NAT the destination on the inside of the 192.168.8.8, so it looks like it is going to 192.168.1.50, but gets translated back to 192.168.1.10 on the outside of the firewall?

Accepted Solution

acomiskey
Level 10

This is an example of destination NAT. This should translate requests on the inside interface for 192.168.1.50 to 192.168.1.10 on the outside interface.

static (outside,inside) 192.168.1.50 192.168.1.10 netmask 255.255.255.255

This is also commonly used for inside to DMZ scenarios where inside clients want to hit a webserver on the DMZ with its public address.

static (dmz,inside) netmask 255.255.255.255

Please rate helpful posts.
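The translation described in the answer above, as an added example that is not part of the original post or Cisco code: a simplified Python model that parses `static` statements of the form shown and applies them to a flow, so the effect on source, destination and ports can be checked per NIC. The two source statics and the interface name `inside2` are assumptions standing in for the asker's existing NAT; the sample rules are constructed.

```python
import ipaddress
import re
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Static(NamedTuple):
    real_if: str
    mapped_if: str
    mapped: ipaddress.IPv4Network
    real: ipaddress.IPv4Network

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")

def parse_static(line: str) -> Static:
    """Parse 'static (real_if,mapped_if) mapped_ip real_ip netmask mask'."""
    m = STATIC_RE.match(line.strip())
    if m is None:
        raise ValueError(f"incomplete static statement: {line!r}")
    real_if, mapped_if, mapped, real, mask = m.groups()
    return Static(real_if, mapped_if,
                  ipaddress.ip_network(f"{mapped}/{mask}"),
                  ipaddress.ip_network(f"{real}/{mask}"))

def _swap(addr: str, frm, to) -> str:
    """Map addr from network frm onto network to; leave other addresses alone."""
    ip = ipaddress.ip_address(addr)
    if ip not in frm:
        return addr
    return str(to.network_address + (int(ip) - int(frm.network_address)))

def translate(flow: Flow, in_if: str, out_if: str, rules) -> Flow:
    """Rewrite addresses only; a plain static never touches the ports."""
    src, dst = flow.src, flow.dst
    for r in rules:
        if (r.real_if, r.mapped_if) == (in_if, out_if):    # source: real -> mapped
            src = _swap(src, r.real, r.mapped)
        elif (r.mapped_if, r.real_if) == (in_if, out_if):  # destination: mapped -> real
            dst = _swap(dst, r.mapped, r.real)
    return flow._replace(src=src, dst=dst)

# Constructed rule set: the answer's destination static plus source statics
# assumed for the asker's existing NAT (interface names are assumptions).
RULES = [parse_static(s) for s in (
    "static (outside,inside) 192.168.1.50 192.168.1.10 netmask 255.255.255.255",
    "static (inside,outside) 192.168.1.8 192.168.8.8 netmask 255.255.255.255",
    "static (inside2,outside) 192.168.1.9 192.168.9.9 netmask 255.255.255.255",
)]
```

With these rules the PC can route 192.168.1.50 out of the first NIC and 192.168.1.10 out of the second; both flows reach 192.168.1.10 with their destination ports unchanged.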


2 Replies

Thanks, that was excellent!
