Can the ASA perform SNAT?

david
Level 1

SNAT as in "Source NAT". I'm trying to set up dual firewalls and want to use both concurrently while I transition my inbound NAT rules to the ASA. However, the default route on the core switch prohibits me from doing this since it only knows about the old firewall. A couple of possible workarounds are SNAT or Policy Based Routing on the core switch. Can the ASA perform SNAT like F5? I.e., can it use its internal address as the "source" for anything destined to an internal web server? That way the web server would attempt to return the packet back to the ASA instead of using the default route, which is the old firewall. I've attached a simplified diagram of what I'm trying to accomplish. Thanks!


david
Level 1

One of the TAC guys helped me with this. The answer is YES! The following line did the trick for me.

nat (outside,inside) source dynamic any interface destination static "Your Public mapped IP address here" "Your Internal real www server IP address here"
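
The rule above in a fuller configuration, as an added example that is not part of the original posts or TAC's own configuration. The object names, the ACL name and all addresses are constructed (documentation and private ranges), and it assumes ASA 8.3 or later NAT syntax with interfaces named outside and inside.

```cisco
! Constructed values: replace with your own public (mapped) and internal (real) addresses.
object network WWW-PUBLIC
 host 203.0.113.10
object network WWW-REAL
 host 10.1.1.10
!
! Twice NAT for traffic arriving on outside and leaving on inside:
!   source dynamic any interface   -> any client source is PATed to the ASA's inside interface IP
!   destination static PUBLIC REAL -> the public address is translated to the real web server
! The server therefore replies to the ASA's inside address (same subnet or a known route)
! instead of following the core switch's default route to the old firewall.
nat (outside,inside) source dynamic any interface destination static WWW-PUBLIC WWW-REAL
!
! With 8.3+ syntax the outside ACL matches the REAL (post-NAT) server address.
access-list OUTSIDE-IN extended permit tcp any object WWW-REAL eq www
access-group OUTSIDE-IN in interface outside
!
! Verification (exec mode). 198.51.100.25 is a constructed client address.
!   show nat detail
!   show xlate
!   packet-tracer input outside tcp 198.51.100.25 12345 203.0.113.10 80
```

Because every inbound client is translated to the ASA's inside address, the web server's access logs will show that single address as the source of all requests. Client attribution for those sessions then has to come from the ASA's connection and translation logs rather than from the server.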

Hello David,

Thanks for taking the time to let the forum know about this resolution.

Now please mark the question as answered so future users can learn as you did

Have a wonderful night

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC