Source & Destination NAT

Unanswered Question
Oct 14th, 2010

Can anyone point to a Cisco document that clearly describes source and destination NAT, the differences between them, why you would use source over destination & vice versa, and any configuration examples on an ASA?

Thanks

Paul

Jon Marshall Thu, 10/14/2010 - 03:49

Paul

Source and destination NAT are relative to the interfaces on the ASA firewall. A couple of examples might help -

You have a server on your LAN with a private address of 192.168.10.1 and you want to "present" it to the outside as 177.10.10.1

1) static (inside,outside) 177.10.10.1 192.168.10.1 netmask 255.255.255.255

a) traffic going from the server on the inside to the outside -

   the src IP is changed from 192.168.10.1 to 195.166.10.1

   the destination IP is left as is.

b) traffic returning to the server from the outside

   the src IP is left as is

   the destination IP is changed from 177.10.10.1 to 192.168.10.1

You want to allow internal devices to access the 195.166.10.1 server on the internet. But you don't want to advertise 177.10.10.1 into your network. Instead you want to use 10.5.1.10 as the destination address -

2) static (outside,inside) 10.5.1.10 195.166.10.1 netmask 255.255.255.255

a) traffic going from your internal clients with a destination IP of 10.5.1.10

   the src IP is left alone

   the destination IP is changed from 10.5.1.10 to 195.166.10.1

b) traffic returning to your client from the outside server 195.166.10.1

   the src IP is changed from 195.166.10.1 to 10.5.1.10

   the destination IP is unchanged

Hope this has helped rather than add to the confusion

Jon
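
The two static statements from the reply above, modelled as an added Python example (not part of the original thread and not Cisco code). It assumes the pre-8.3 ASA syntax `static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask`; the names `parse_static`, `translate`, `RULE1` and `RULE2` are hypothetical, and each result is derived from the statement's own addresses.

```python
import ipaddress
import re
from typing import NamedTuple

class StaticNat(NamedTuple):
    real_ifc: str
    mapped_ifc: str
    mapped: ipaddress.IPv4Network
    real: ipaddress.IPv4Network

STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")

def parse_static(line):
    """Parse 'static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask'."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static NAT statement: {line!r}")
    real_ifc, mapped_ifc, mapped, real, mask = m.groups()
    return StaticNat(real_ifc, mapped_ifc,
                     ipaddress.ip_network(f"{mapped}/{mask}"),
                     ipaddress.ip_network(f"{real}/{mask}"))

def _swap(addr, frm, to):
    """Move addr from network `frm` to the same host offset in `to`."""
    ip = ipaddress.ip_address(addr)
    if ip not in frm:
        return addr  # address is not covered by this rule
    return str(to.network_address + (int(ip) - int(frm.network_address)))

def translate(rule, in_ifc, out_ifc, src, dst):
    """Return (src, dst) after the rule is applied to a packet crossing the firewall."""
    if (in_ifc, out_ifc) == (rule.real_ifc, rule.mapped_ifc):
        # Packet leaves the real side: source is rewritten real -> mapped.
        return _swap(src, rule.real, rule.mapped), dst
    if (in_ifc, out_ifc) == (rule.mapped_ifc, rule.real_ifc):
        # Packet arrives on the mapped side: destination is rewritten mapped -> real.
        return src, _swap(dst, rule.mapped, rule.real)
    return src, dst  # rule does not apply to this interface pair

RULE1 = parse_static("static (inside,outside) 177.10.10.1 192.168.10.1 netmask 255.255.255.255")
RULE2 = parse_static("static (outside,inside) 10.5.1.10 195.166.10.1 netmask 255.255.255.255")

if __name__ == "__main__":
    # Constructed packets: 198.51.100.7 is a made-up outside peer, 192.168.10.50 a made-up client.
    print(translate(RULE1, "inside", "outside", "192.168.10.1", "198.51.100.7"))
    print(translate(RULE1, "outside", "inside", "198.51.100.7", "177.10.10.1"))
    print(translate(RULE2, "inside", "outside", "192.168.10.50", "10.5.1.10"))
    print(translate(RULE2, "outside", "inside", "195.166.10.1", "192.168.10.50"))
```

The same statement performs source NAT in one direction and destination NAT in the other; which one you see depends only on which interface the packet enters.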

This Discussion

Posted October 14, 2010 at 1:38 AM