Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Asa source and destination nat

Hi,

In a very specific situation there is a need to do address translation of both the source and destination address of a connection.

Is this possible with the asa?

Tnx

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Asa source and destination nat

Yes it's possible. Assuming you are doing it from inside to outside here's an example -

src address of host = 192.168.5.10

destination address = 212.12.12.1

You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1

So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1

static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255

static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255

Jon

4 REPLIES
Hall of Fame Super Blue

Re: Asa source and destination nat

Yes it's possible. Assuming you are doing it from inside to outside here's an example -

src address of host = 192.168.5.10

destination address = 212.12.12.1

You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1

So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1

static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255

static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255

Jon

New Member

Re: Asa source and destination nat

Ok. tnx.

I assume the same principle can be done with policy based nat in both directions?

Hall of Fame Super Blue

Re: Asa source and destination nat

Never done it with policy NAT but can't see any reason why it wouldn't work.

Jon

Re: Asa source and destination nat

It is possible by using 2 seperate static statements, one doing destination nat and the other doing a normal static nat ( source static nat ).

HTH

Vikram

325
Views
0
Helpful
4
Replies