Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
0
Helpful
1
Replies

ASA NAT

networkrocksalways
Level 1
Level 1

‎03-12-2014 07:03 AM - edited ‎03-11-2019 08:56 PM

 

Hello experts,

I am using Cisco ASA 5520 Firewall with 8.4 image.

Q:-Configure ASA for blan(security-level 10) address 10.10.10.1 to be mapped to 10.20.240.250 such any connection requests to 10.20.240.250 are answered by dmz server(security-level 50) 172.24.30.10

 it means blan users want to access dmz-server remote access desktop with some dummy ip so that we can hide our dmz-server actual ip- address .

 

Thanks in advance

1 person had this problem
Labels:
0 Helpful
1 Reply 1

jj27
Spotlight
Spotlight

‎03-12-2014 07:41 AM

So when users from 10.10.10.1 access 172.24.30.10 the dmz-server sees the IP address 10.20.240.250 instead of 10.10.10.1?

 

Here is one way of doing it:

 

object network inside-10.10.10.1
host 10.10.10.1

object network dmz-172.24.30.10
host 172.24.30.10

object network NAT-10.20.240.250
host 10.20.240.250

nat (inside,dmz) source static inside-10.10.10.1 NAT-10.20.240.250 destination static dmz-172.24.30.10 dmz-172.24.30.10

 

That will translate all traffic destined for the DMZ server from 10.10.1.1 to 10.20.240.250

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card