8.3 "TwiceNat" possible in 8.0.4?

Unanswered Question
May 12th, 2010

Is it possible to get the "twiceNat" feature out of 8.0.4?  Here is the link to 8.3's twice nat.

In short

Asa Inside 192.168.30.1/24

Outside-- 4.4.4.4 (filler IP)

DMZ network 192.168.20.1/24.


DMZ connects to a router that has a 10.10.10.10, 10.10.10.20, and a 172.16.30.1, 172.16.30.2  Servers.

I would like to do the following if possible

Use my Inside 192.168.30.0/24 as the primary inside nat.  This nat would map to and IP's in the DMZ that is mapped to 10.10.10.10, 10.10.10.20.

Trying to keep from having to introduce external subnets into my network. of 8 sites.

The perfect solution, would contact 192.168.30.10 that NATs to 192.168.20.10.  192.168.20.10 would be NAT to 10.10.10.10.

unit is a Asa 5505

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Wed, 05/12/2010 - 06:34

Not supported on any version of ASA to double NAT on the ASA.

Twice NAT on version 8.3 does not mean double NATing, it just means you can NAT both the source and destination at the same time with 1 NAT statement. It does not mean you can NAT the packet twice.

Hope that confirms your question.

Panos Kampanakis Wed, 05/12/2010 - 15:02

Not sure if I misunderstood your question, but "192.168.30.10 NATed to 192.168.20.10 and  192.168.20.10 NATed to 10.10.10.10." can be done depending on how you want to set it up and between what interfaces.

PK

dmooreami Wed, 05/12/2010 - 15:28

Yes, I understand.

What I wanted to do, was not have to add routes to those 10.10.x.x IP's. 

Just contact a 192.168.30.10 IP that will do a proxy to the 10.10.x.x IP.

Panos Kampanakis Thu, 05/13/2010 - 07:02

NAT will do that.

For example if you have

static (inside,outside) 10.10.30.10 192.168.30.10

then the ASA will proxy on the outside for 10.10.30.10. And when it sees a packet destined to that ip it will forward it to 192.168.30.10 on the inside.

I hope it makes sense.

PK

Actions

This Discussion