ASA source and destination NAT

Answered Question
Feb 27th, 2009
Hi,

In a very specific situation there is a need to do address translation of both the source and destination address of a connection.

Is this possible with the ASA?


Tnx

Correct Answer
Jon Marshall Fri, 02/27/2009 - 04:31

Yes it's possible. Assuming you are doing it from inside to outside here's an example -


src address of host = 192.168.5.10

destination address = 212.12.12.1


You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1


So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1


static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255


static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255


Jon
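
The translation described in the answer above, traced in both directions as an added example (not part of the original thread). It is a simplified model of the two pre-8.3 `static` statements only; the function names are hypothetical, and ACLs, NAT ordering and other NAT rules are not modelled.

```python
import ipaddress
import re

# Pre-8.3 syntax: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")

def parse_static(line):
    """Parse one static statement into a rule dict (host or network)."""
    m = STATIC_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not a static statement: {line!r}")
    real_if, mapped_if, mapped, real, mask = m.groups()
    return {
        "real_if": real_if, "mapped_if": mapped_if,
        "real": ipaddress.ip_network(f"{real}/{mask}"),
        "mapped": ipaddress.ip_network(f"{mapped}/{mask}"),
    }

def _remap(addr, src_net, dst_net):
    """Move addr from src_net to the same host offset in dst_net."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return addr  # not covered by this rule, leave untouched
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)

def translate(rules, in_if, out_if, src, dst):
    """Return (src, dst) as the packet leaves out_if."""
    for r in rules:
        if (in_if, out_if) == (r["real_if"], r["mapped_if"]):
            # Leaving the real side: real source is shown as the mapped IP.
            src = _remap(src, r["real"], r["mapped"])
        elif (in_if, out_if) == (r["mapped_if"], r["real_if"]):
            # Arriving for the mapped IP: restore the real destination.
            dst = _remap(dst, r["mapped"], r["real"])
    return src, dst

# The two statements from the answer above.
RULES = [parse_static(s) for s in (
    "static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255",
    "static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255",
)]

if __name__ == "__main__":
    print(translate(RULES, "inside", "outside", "192.168.5.10", "172.16.10.1"))
    print(translate(RULES, "outside", "inside", "212.12.12.1", "195.12.12.1"))
```

When correlating logs, note that devices on the outside only ever see 195.12.12.1 and 212.12.12.1, while the inside host only ever sees 172.16.10.1 as its peer.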

bartbruninx Fri, 02/27/2009 - 04:39

Ok. tnx.

I assume the same principle can be done with policy-based NAT in both directions?

Jon Marshall Fri, 02/27/2009 - 04:39

Never done it with policy NAT but can't see any reason why it wouldn't work.


Jon

vikram_anumukonda Fri, 02/27/2009 - 04:33

It is possible by using 2 separate static statements, one doing destination NAT and the other doing a normal static NAT (source static NAT).


HTH

Vikram
