02-02-2012 07:22 AM - edited 03-11-2019 03:23 PM
Is it possible with the Cisco ASA to translate an outside address to an internal address during PAT? So i want to do is to dynamic outside address translation after the PAT. So if a user on the outside connects to us thru a PAT rule, his outside is translated to an inside address.
Solved! Go to Solution.
02-02-2012 11:58 AM
Hello Tshi,
You will need:
access-list test permit tcp outside_user_ip host VIP eq 7500
access-list test permit tcp outside_user_ip host VIP eq 3078
nat (outside) 10 access-list test outside
global (inside) 10 172.166.1.x
Regards,
Do rate helpful posts
Julio
02-02-2012 12:44 PM
Hello Tshi,
That new ACL that I provided you is not applied to the outside interface so not worry for that.
Regards,
Julio
02-02-2012 10:52 AM
Hello,
So 192.168.12.0/24inside ----ASA------outside2.2.2.0/24
You want that if a outside users go into your network gets patted to 192.168.12.x right??
If that is what you are looking for, yes that is possible on the ASA!!
Regards,
Julio
02-02-2012 11:26 AM
Yes, exactly. I have some PAT commands configured. How do I go by doing that?
static (inside,outside) tcp VIP 3078 172.16.1.68 ssh netmask 255.255.255.255
static (inside,outside) tcp VIP 7500 172.16.1.4 1433 netmask 255.255.255.255
i want when a user establishes a connection to VIP or either port, the public IP address get translated to 172.16.1.x
02-02-2012 11:58 AM
Hello Tshi,
You will need:
access-list test permit tcp outside_user_ip host VIP eq 7500
access-list test permit tcp outside_user_ip host VIP eq 3078
nat (outside) 10 access-list test outside
global (inside) 10 172.166.1.x
Regards,
Do rate helpful posts
Julio
02-02-2012 12:18 PM
Julio,
Thanks indeed..I will try this shortly. Does it matter if I already have an access-list applied to the outside interface...Or can I just use it with nat 10?
access-list FROM_INTERNET extended permit tcp any host VIP eq 3078
access-list FROM_INTERNET extended permit tcp any host VIP eq 7500
access-group FROM_INTERNET in interface outside
02-02-2012 12:44 PM
Hello Tshi,
That new ACL that I provided you is not applied to the outside interface so not worry for that.
Regards,
Julio
02-02-2012 07:51 PM
Julio,
Thanks indeed...this was extremely helpful.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: