ASA transparent mode twice nat

ofir-nissim
Level 1

Hi all.

Has anyone done this?

I'm aware of the limitations:

• In transparent mode, you must specify the real and mapped interfaces; you cannot use any.

• In transparent mode, you cannot configure interface PAT, because the transparent mode interfaces do not have IP addresses. You also cannot use the management IP address as a mapped address.

The question is: can it be done?

22 Replies

Hi Julio,

How will the ACL look, NATted network to NATted network?

Is there any limitation with protocol inspection while using twice NAT, such as ICMP?

Hello,

Let's start all over again.

Inside network user (192.168.10.2)------------ASA------Outside------------------(4.2.2.2)------------166.168.13.2(User)

And you want to NAT the inside user to 3.3.3.3 when it goes to 4.2.2.2.

You also want to NAT the user 166.168.13.2 to 4.2.2.2 when it hits 3.3.3.3.

So the NAT would be (source is written real then mapped, destination is written mapped then real):

nat (inside,outside) source static 192.168.10.2 3.3.3.3 destination static 4.2.2.2 166.168.13.2

The ACL should be:

access-list out_in extended permit ip host 4.2.2.2 any

access-group out_in in interface outside

Please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

How will the routing table on the ASA look? It's in TP mode.

Let's say that the management IP of the ASA is 5.5.5.5.

Hello Ofir,

Well, as you know, in transparent mode you can only have static routes, so as an example here is the show route from one of the ASAs in my lab:

show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is xxx.xxx.xxx.xx to network 0.0.0.0

S*   0.0.0.0 0.0.0.0 [1/0] via xx.xx.xx.xx, outside

Remember that the ASA uses both the Xlate table and the Routing table to route packets.

Regards,

Do please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio,

Happy new year!

How can I translate all of the inside LAN to a new LAN:

Inside network LAN(192.168.10.0)------(3.3.3.0)------ASA------Outside------------------(4.2.2.0)------------166.168.13.0(LAN)

And you want to NAT the inside user to 3.3.3.0 when it goes to 4.2.2.0.

You also want to NAT the user 166.168.13.0 to 4.2.2.0 when it hits 3.3.3.0.

How would the NAT and the ACL look?

Hello Ofir,

Happy new year!

object network Local_LAN

subnet 192.168.10.0 255.255.255.0

object network Public_External_LAN

subnet 4.2.2.0 255.255.255.0

object network Public_Local

subnet 3.3.3.0 255.255.255.0

object network External_Lan

subnet 166.168.13.0 255.255.255.0

nat (inside,outside) source static Local_LAN Public_Local destination static Public_External_LAN External_Lan

nat (outside,inside) source static External_Lan Public_External_LAN destination static Public_Local Public_Local

That should do it!

Do rate helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
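As an added example (not from this thread and not Cisco's code), here is a small Python model of how the ASA matches a static twice NAT rule in both directions, built from the object names used in the answer above. The operand order is the part that is easy to get backwards on the real box: `source static` takes the real object then the mapped object, while `destination static` takes the mapped object then the real object, so the destination pair of the inside-to-outside rule is `Public_External_LAN External_Lan`. The parser, the subnet-offset mapping, the `acl_permits` check and the sample ACL entries are assumptions for illustration; the one platform fact relied on is that since ASA 8.3 interface ACLs are evaluated on real (untranslated) addresses.

```python
"""Model of ASA (8.3+) static twice NAT matching.

Added example, not code from the thread or from Cisco. Object names follow
the thread; the API below is an assumption for illustration only.
"""
import ipaddress
import re
from dataclasses import dataclass

IPv4Net = ipaddress.IPv4Network

# Network objects as declared in the answer above (constructed lookup table).
OBJECTS = {
    "Local_LAN": IPv4Net("192.168.10.0/24"),
    "Public_Local": IPv4Net("3.3.3.0/24"),
    "Public_External_LAN": IPv4Net("4.2.2.0/24"),
    "External_Lan": IPv4Net("166.168.13.0/24"),
}


@dataclass(frozen=True)
class TwiceNatRule:
    real_ifc: str
    mapped_ifc: str
    src_real: IPv4Net      # source as it arrives on the real interface
    src_mapped: IPv4Net    # source as seen on the mapped interface
    dst_mapped: IPv4Net    # destination the real-side host sends to
    dst_real: IPv4Net      # destination the ASA rewrites it to


NAT_RE = re.compile(
    r"nat \((\w+),(\w+)\) source static (\S+) (\S+) destination static (\S+) (\S+)"
)


def parse_rule(line, objects=OBJECTS):
    """Parse 'nat (real,mapped) source static R M destination static M R'.
    Source operands are real-then-mapped, destination operands mapped-then-real."""
    m = NAT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unrecognised twice NAT syntax: {line!r}")
    real_ifc, mapped_ifc, sr, sm, dm, dr = m.groups()
    return TwiceNatRule(real_ifc, mapped_ifc,
                        objects[sr], objects[sm], objects[dm], objects[dr])


def _shift(addr, from_net, to_net):
    """One-to-one static subnet mapping: keep the host offset, swap the prefix.
    This is why a /8-to-/8 rule needs no per-host configuration."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("static subnet NAT needs equal-sized subnets")
    offset = int(addr) - int(from_net.network_address)
    return ipaddress.IPv4Address(int(to_net.network_address) + offset)


def translate(rules, in_ifc, src, dst):
    """Return (egress_ifc, new_src, new_dst) from the first matching rule, or
    None. Section-1 rules match in order, and a static rule works both ways."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for r in rules:
        # Forward: packet on the real interface, real source, mapped destination.
        if in_ifc == r.real_ifc and src in r.src_real and dst in r.dst_mapped:
            return (r.mapped_ifc,
                    _shift(src, r.src_real, r.src_mapped),
                    _shift(dst, r.dst_mapped, r.dst_real))
        # Reverse: packet on the mapped interface, the mirror of the above.
        if in_ifc == r.mapped_ifc and src in r.dst_real and dst in r.src_mapped:
            return (r.real_ifc,
                    _shift(src, r.dst_real, r.dst_mapped),
                    _shift(dst, r.src_mapped, r.src_real))
    return None


def ace(src_cidr, dst_cidr):
    """One permit entry of a constructed ACL, as a (source, destination) pair."""
    return IPv4Net(src_cidr), IPv4Net(dst_cidr)


def acl_permits(aces, src, translated_dst):
    """Since 8.3 an interface ACL sees real addresses: the source as it arrived
    and the destination after the NAT has been undone, never the mapped one."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(translated_dst)
    return any(src in a_src and dst in a_dst for a_src, a_dst in aces)


if __name__ == "__main__":
    rule = parse_rule(
        "nat (inside,outside) source static Local_LAN Public_Local "
        "destination static Public_External_LAN External_Lan")
    print(translate([rule], "inside", "192.168.10.2", "4.2.2.2"))
    print(translate([rule], "outside", "166.168.13.2", "3.3.3.3"))
    # Constructed ACL for the outside interface, written on real addresses.
    outside_acl = [ace("166.168.13.0/24", "192.168.10.0/24")]
    print(acl_permits(outside_acl, "166.168.13.2", "192.168.10.3"))
```

Run as a script, the inside-to-outside packet 192.168.10.2 → 4.2.2.2 leaves as 3.3.3.2 → 166.168.13.2, and a packet from 166.168.13.2 to 3.3.3.3 arrives on inside as 4.2.2.2 → 192.168.10.3, with no second rule needed for the return direction. The ACL check is the detail behind the question earlier in the thread: an entry written for the mapped address 3.3.3.0/24 never matches, because the ASA has already untranslated the destination before the ACL is consulted.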

Hi Julio,

Any known limitation with the NAT translation table size? Let's say that all the networks are class A (/8).

Can the ASA handle such an amount of one-to-one translations?

Hello,

Not a problem, the ASA will handle those translations; do not worry about that.

Julio

If this answers your question, please mark the question as answered.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC