03-12-2010 05:26 AM - edited 03-11-2019 10:21 AM
Hi,
if I define a Static NAT'ing on my ASA, will it translate only source IpAddr or Destination IPAddr as well ? (saying I want to perform destination NAT'ing only).
Thanks
Solved! Go to Solution.
03-12-2010 09:38 AM
All static statements are bi-directional so -
static (inside,outside) 175.10.10.1 192.168.5.10 netmask 255.255.255.255 means -
1) if the connection was initiated from inside the source IP of 192.168.5.10 would be translated to 175.10.10.1
2) if the connection was initiated from the outside to 175.10.10.1 the destination address would be translated to 192.168.5.10
Jon
03-12-2010 06:55 AM
static (in,out) 1.1.1.1 10.10.10.10 net 255.255.255.255
in - 100 sec
out - 0 sec
Say 10.x host wants to go to google this is outbound and the source will be translated.
The same flow if google wants to reach 1.1.1.1 inbound (say this 10.x host is actually a webserver) then, the destination address that google will try will be translated to 10.10.10.10
-KS
03-12-2010 09:10 AM
So the destination IP is translated because it is reply-traffic or would it translate it even though google was just initiating a session ?
In other words, does 'static' work for destination IPAddr on non-reply traffic ? Is the ASA smart enough to see there is a destination IPAddr it has a NAT entry for ?
Thanks
03-12-2010 09:38 AM
All static statements are bi-directional so -
static (inside,outside) 175.10.10.1 192.168.5.10 netmask 255.255.255.255 means -
1) if the connection was initiated from inside the source IP of 192.168.5.10 would be translated to 175.10.10.1
2) if the connection was initiated from the outside to 175.10.10.1 the destination address would be translated to 192.168.5.10
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: