Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5510 NAT question

Is it possible to NAT the destination address through a ASA 5510? I am coming from two different NIC's on the same PC that have different IP's that go through different interfaces on the firewall, but go to the same destination address. I want to control which NIC is chosen by the different apps. If the destination was the same I cant control by static route which NIC to get to the destination, so I want to know if I can NAT the destination so that the traffic will look like it is going to a different destination address then get translated at the firewall.

The reason is that I have different ports that I am connecting to on the destination end and need to keep that intact.

Example:

One PC has two addresses on two different NICs. 192.168.8.8 and 192.168.9.9

Both go through different firewall interfaces on the same firewall, but both have the same destination of 192.168.1.10.

I am already NATing both of my internal addresses so they appear at the destination as 192.168.1.8 and 192.168.1.9

Can I also NAT the destination on the inside of the 192.168.8.8, so it looks like it is going to 192.168.1.50, but gets translated back to 192.168.1.10 on the outside of the firewall.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: ASA 5510 NAT question

This is an example of destination nat. This should translate requests on the inside interface for 192.168.1.50 to 192.168.1.10 on the outside interface.

static (outside,inside) 192.168.1.50 192.168.1.10 netmask 255.255.255.255

This is also commonly used for inside to dmz scenarios where inside clients want to hit a webserver on the dmz with it's public address.

static (dmz,inside) netmask 255.255.255.255

Please rate helpful posts.

2 REPLIES
Green

Re: ASA 5510 NAT question

This is an example of destination nat. This should translate requests on the inside interface for 192.168.1.50 to 192.168.1.10 on the outside interface.

static (outside,inside) 192.168.1.50 192.168.1.10 netmask 255.255.255.255

This is also commonly used for inside to dmz scenarios where inside clients want to hit a webserver on the dmz with it's public address.

static (dmz,inside) netmask 255.255.255.255

Please rate helpful posts.

New Member

Re: ASA 5510 NAT question

Thanks that was excellent!

141
Views
0
Helpful
2
Replies