×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

destination nat - vpn site2site

Unanswered Question
Nov 8th, 2011
User Badges:

Good day all,


hope someone can help/explain me destination nat.

I have one host A 172.20.0.x that must translate to host B 192.168.5.x.

So if a vpn office (192.168.36.0/24) try to connect to host A 172.20.0.x it must translate to host B 192.168.5.x.

Is this possible and how I can configure this NAT rule.

I using ASA V8.4(1)


Many thanks for your feedback!

Brgds Markus

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
zulqurnain Tue, 11/08/2011 - 02:22
User Badges:
  • Bronze, 100 points or more

What I understood is that your host 172.20.0.x is sitting on inside network and you want this host to be available on outside network /published as 192.168.5.x , such that other host connecting to it would be connecting to 192.168.5.x and ASA will do the translation .


You can achieve it as following


Static (inside, outside) 192.168.15.x 172.20.0.x net mask 255.255.255.255


Access-list out-in extended permit ip 192.168.36.0 255.255.255.0 host 192.168.5.x


Access-group out-in in interface outside


Sent from Cisco Technical Support iPad App

Markus Demmert Tue, 11/08/2011 - 06:06
User Badges:

Hi,

thanks for the fast response.

The Host B 192.168.5.X is also on an inside interface. I will that all remote VPN locations that try to connect to host A 172.0.0.X translated to host B 192.168.5.X.


Brgds Markus

zulqurnain Tue, 11/08/2011 - 07:26
User Badges:
  • Bronze, 100 points or more


I am sorry but can you explain , if you have 192.168.5.x and 172.0.0.x are on inside network meaning both hosts are live then in such a case both would be used by VPN users simultaneously., correct ?


Then you cannot translate host A to host B address because translation can happen using VIP (virtual IP) with real IP.


What you are talking about it diversion or maybe I mis understood you and if you can explain more I might be able to help you out.


Sent from Cisco Technical Support iPad App

Markus Demmert Tue, 11/08/2011 - 07:26
User Badges:

Ok I got it,


nat (wan_primary,inside) source static 192.168.36.0 192.168.36.0 destination static 172.20.0.X 192.168.5.X


Brgds Markus

Actions

This Discussion