Port redirection question

Answered Question
Jan 29th, 2010

Hi All,

I have an ASA doing port redirection as follows:

static (inside,outside) tcp 2.2.2.2 80 192.168.10.2 8080

static (inside,outside) tcp 2.2.2.2 25 192.168.10.3 2525

So, whatever traffic comes to IP 2.2.2.2 on port 80 is redirected to IP 192.168.10.2 on port 8080, and traffic coming to the same IP on port 25 is redirected to IP 192.168.10.3 on port 2525.

This works perfectly. But my problem is the following:

Traffic sourced from IPs 192.168.10.2 and 192.168.10.3 to the Internet is not translated to 2.2.2.2, but to the IP of the outside interface of the ASA (because I'm doing PAT for outbound traffic). So, I'm seeing normal behavior.

My question is just this:

I want confirmation that the static statements above apply only for inbound traffic.

And, is there a way to make the outgoing traffic NATed to the IP 2.2.2.2 for these servers?

Something like:

nat (inside) 5 192.168.10.2 255.255.255.255

nat (inside) 5 192.168.10.3 255.255.255.255

global (outside) 5 2.2.2.2

To make the NAT consistent?

Thank you!!

Federico.

Correct Answer by Kureli Sankar about 6 years 10 months ago

You are correct and this is your solution.

nat (inside) 5 192.168.10.2 255.255.255.255

nat (inside) 5 192.168.10.3 255.255.255.255

global (outside) 5 2.2.2.2

Now, why is it that with just the static PAT, outbound traffic doesn't get translated to 2.2.2.2?

Think of this: the server 192.168.10.3 is going to Google. Its source port, for example, is 33333 and the destination is 80. Will it match your static?

static (inside,outside) tcp 2.2.2.2 25 192.168.10.3 2525

Absolutely not.

If you have this 1-1 static:

static (inside,outside) 2.2.2.2 192.168.10.3

Then it will work for both incoming and outgoing.

I hope I explained it such that you understand it perfectly.

-KS
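
The rule selection discussed in this thread, as an added example (not code from either poster and not Cisco's): a simplified Python model of how the static PAT entries and the nat/global pairs are matched. The catch-all "nat (inside) 1 0.0.0.0 0.0.0.0" / "global (outside) 1 interface" pair is an assumption standing in for the existing outbound PAT, whose actual configuration is not shown in the question.

```python
import ipaddress
from typing import NamedTuple

class StaticPat(NamedTuple):
    proto: str
    mapped_ip: str
    mapped_port: int
    real_ip: str
    real_port: int

# static (inside,outside) tcp <mapped_ip> <mapped_port> <real_ip> <real_port>
STATIC_PAT = [
    StaticPat("tcp", "2.2.2.2", 80, "192.168.10.2", 8080),
    StaticPat("tcp", "2.2.2.2", 25, "192.168.10.3", 2525),
]
# nat (inside) <id> <network>; id 1 is the assumed existing interface PAT
NAT_BEFORE = [(1, "0.0.0.0/0")]
NAT_AFTER = NAT_BEFORE + [(5, "192.168.10.2/32"), (5, "192.168.10.3/32")]
# global (outside) <id> <address>; "interface" = outside interface IP
GLOBAL = {1: "interface", 5: "2.2.2.2"}

def inbound_destination(proto, dst_ip, dst_port):
    """Outside -> inside: a static PAT matches on mapped ip AND mapped port."""
    for s in STATIC_PAT:
        if (proto, dst_ip, dst_port) == (s.proto, s.mapped_ip, s.mapped_port):
            return s.real_ip, s.real_port
    return None

def outbound_source(proto, src_ip, src_port, nat):
    """Inside -> outside: return (translated source address, matching rule)."""
    # A static PAT applies outbound only when the source is exactly
    # real_ip:real_port; an ephemeral source port never matches it.
    for s in STATIC_PAT:
        if (proto, src_ip, src_port) == (s.proto, s.real_ip, s.real_port):
            return s.mapped_ip, "static"
    # Otherwise the most specific nat statement wins and its id picks the global.
    addr = ipaddress.ip_address(src_ip)
    hits = [(ipaddress.ip_network(net).prefixlen, nat_id)
            for nat_id, net in nat if addr in ipaddress.ip_network(net)]
    if not hits:
        return None, "no translation"
    nat_id = max(hits)[1]
    return GLOBAL[nat_id], f"nat {nat_id}"

if __name__ == "__main__":
    for label, rules in (("before", NAT_BEFORE), ("after", NAT_AFTER)):
        print(label, outbound_source("tcp", "192.168.10.3", 33333, rules))
```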

Kureli Sankar Fri, 01/29/2010 - 10:06
