ASA 8.0 Nat 1 machine to 1 IP, dynamic the rest?

tahequivoice
Level 2

On 8.3/8.4 I can set up a translation to translate an internal host to another outside IP address, only for connecting to one outside host, and the rest of the translations to outside are done dynamically using the outside IP.

Can this be done on 8.0 code?

3 Replies

Jennifer Halim
Cisco Employee

Sure can...

Example:

internal host: 10.1.1.1

destination: 200.1.1.1

to be PATed to: 80.1.1.1

access-list nat-10 permit ip host 10.1.1.1 host 200.1.1.1

nat (inside) 5 access-list nat-10

global (outside) 5 80.1.1.1

With NAT statements, the more specific one will take precedence over the less specific ones.

Hi, I tried this, and I can see the ARP entry externally, but I cannot reach the outside IP from the server. Is the connection initiated internally for this?

Yes, the nat/global pair is intended for outbound-only connections (initiated from inside).

If you need both inbound and outbound connections for this, you would need to configure static policy NAT as follows:

access-list nat-10 permit ip host 10.1.1.1 host 200.1.1.1

static (inside,outside) 80.1.1.1 access-list nat-10

and you would need to remove the above nat and global statement, and "clear xlate".
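
Added example, not part of the thread or either poster's configuration: the static policy NAT from the last reply combined with the dynamic PAT the question describes for all other traffic, in ASA 8.0 syntax. The NAT ID 1, the ACL name outside_in and TCP port 443 are assumptions chosen for illustration; the addresses are the ones used in the thread.

```cisco
! --- Policy match: only traffic between 10.1.1.1 and 200.1.1.1 ---
access-list nat-10 extended permit ip host 10.1.1.1 host 200.1.1.1

! --- Bidirectional translation to 80.1.1.1 for that one peer ---
! Static policy NAT is evaluated before dynamic NAT/PAT, so it wins
! for this flow without any change to the general rule below.
static (inside,outside) 80.1.1.1 access-list nat-10

! --- Everything else from inside: dynamic PAT to the outside interface IP ---
! (assumed NAT ID 1; 10.1.1.1 also uses this for all other destinations)
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! --- Inbound side: the static only creates the translation ---
! Traffic from outside still needs an explicit permit. On pre-8.3 code
! the outside ACL references the mapped address (80.1.1.1), not 10.1.1.1.
! Permit only the peer and the service actually required
! (assumed here: TCP 443), rather than "ip any".
access-list outside_in extended permit tcp host 200.1.1.1 host 80.1.1.1 eq 443
access-group outside_in in interface outside

! --- After replacing the earlier nat/global 5 pair ---
! clear xlate
!
! --- Verification (exec mode, not configuration) ---
! show xlate
! packet-tracer input inside tcp 10.1.1.1 1025 200.1.1.1 443
! packet-tracer input outside tcp 200.1.1.1 1025 80.1.1.1 443
```

If an ACL is already applied inbound on the outside interface, add the permit line to that ACL instead of applying a new access-group, since only one ACL per interface per direction is allowed.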
