Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3208
Views
0
Helpful
3
Replies

Destination based NAT

Go to solution
pankaj.bandewar
Level 1
Level 1

‎08-02-2017 06:00 AM - edited ‎03-12-2019 02:46 AM

Dear Experts,

Scenario :

PC A (windows Server 2012 with two banking Applications hosted on it) IP : 10.60.2.37

Application 1 needs to reach to Server IP : 192.168.123.171 

Application 2 needs to reach To Server IP : 192.168.123.221

When Application 1 goes to his server his packets should be natted to 192.168.123.150

When Application 2 goes to his server his packets should be natted to 192.168.123.160

i.e depending upon the destn address i need to do natting for my ip : 10.60.2.37 

IS it possible ..?

IF yes ..how can i write nat in asa 9.4 ..?

Awaiting ...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ryan Curry
Level 1
Level 1
In response to pankaj.bandewar

‎08-14-2017 11:23 AM

Just browsing this sub and thought I'd give a shout back.  Yes, you can do this but you'll need to create objects for the IP addresses prior to adding the NAT statements and then reference those objects in the NAT statement; in the examples I'll simply use obj-<ip_address> to make it easy.  Also, I'm going to presume the interfaces are INSIDE and OUTSIDE, if not simply adjust the verbiage to your needs:

For Application 1:

nat (inside,outside) source dynamic obj-10.60.2.37 obj-NAT-192.168.123.150 destination static obj-192.168.123.171 obj-192.168.123.171

For Application 2:

nat (inside,outside) source dynamic obj-10.60.2.37 obj-NAT-192.168.123.160 destination static obj-192.168.123.221 obj-192.168.123.221

View solution in original post

0 Helpful
3 Replies 3

Go to solution
pankaj.bandewar
Level 1
Level 1

‎08-10-2017 10:52 PM

IS there anybody on the floor ..?

Awaiting valuable responses...

0 Helpful

Go to solution
Ryan Curry
Level 1
Level 1
In response to pankaj.bandewar

‎08-14-2017 11:23 AM

Just browsing this sub and thought I'd give a shout back.  Yes, you can do this but you'll need to create objects for the IP addresses prior to adding the NAT statements and then reference those objects in the NAT statement; in the examples I'll simply use obj-<ip_address> to make it easy.  Also, I'm going to presume the interfaces are INSIDE and OUTSIDE, if not simply adjust the verbiage to your needs:

For Application 1:

nat (inside,outside) source dynamic obj-10.60.2.37 obj-NAT-192.168.123.150 destination static obj-192.168.123.171 obj-192.168.123.171

For Application 2:

nat (inside,outside) source dynamic obj-10.60.2.37 obj-NAT-192.168.123.160 destination static obj-192.168.123.221 obj-192.168.123.221

0 Helpful

Go to solution
pankaj.bandewar
Level 1
Level 1
In response to Ryan Curry

‎08-16-2017 05:13 AM

thank you sir..

yes this does resolved my issue in my lab.

in production i used something from the link below..

https://www.velocityreviews.com/threads/asa-nat-based-on-destination-address.556079/ 

kindly share other valuable suggestions if any ...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card