Asa source and destination nat

Answered Question
Feb 27th, 2009

Hi,

In a very specific situation there is a need to do address translation of both the source and destination address of a connection.

Is this possible with the asa?

Tnx

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 9 months ago

Yes it's possible. Assuming you are doing it from inside to outside here's an example -

src address of host = 192.168.5.10

destination address = 212.12.12.1

You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1

So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1

static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255

static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
Jon Marshall Fri, 02/27/2009 - 04:31

Yes it's possible. Assuming you are doing it from inside to outside here's an example -

src address of host = 192.168.5.10

destination address = 212.12.12.1

You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1

So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1

static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255

static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255

Jon

bartbruninx Fri, 02/27/2009 - 04:39

Ok. tnx.

I assume the same principle can be done with policy based nat in both directions?

Jon Marshall Fri, 02/27/2009 - 04:39

Never done it with policy NAT but can't see any reason why it wouldn't work.

Jon

vikram_anumukonda Fri, 02/27/2009 - 04:33

It is possible by using 2 seperate static statements, one doing destination nat and the other doing a normal static nat ( source static nat ).

HTH

Vikram

Actions

This Discussion