cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
0
Helpful
3
Replies

Destination NAT'ing on ASA

joyride_us2
Level 1
Level 1

Hi,

if I define a Static NAT'ing on my ASA, will it translate only source IpAddr or Destination IPAddr as well ? (saying I want to perform destination NAT'ing only).

Thanks

1 Accepted Solution

Accepted Solutions

All static statements are bi-directional so -

static (inside,outside) 175.10.10.1 192.168.5.10 netmask 255.255.255.255 means -

1) if the connection was initiated from inside the source IP of 192.168.5.10 would be translated to 175.10.10.1

2) if the connection was initiated from the outside to 175.10.10.1 the destination address would be translated to 192.168.5.10

Jon

View solution in original post

3 Replies 3

Kureli Sankar
Cisco Employee
Cisco Employee

static (in,out) 1.1.1.1 10.10.10.10 net 255.255.255.255

in - 100 sec

out - 0 sec

Say 10.x host wants to go to google this is outbound and the source will be translated.

The same flow if google wants to reach 1.1.1.1 inbound (say this 10.x host is actually a webserver) then, the destination address that google will try will be translated to 10.10.10.10

-KS

So the destination IP is translated because it is reply-traffic or would it translate it even though google was just initiating a session ?

In other words, does 'static' work for destination IPAddr on non-reply traffic ? Is the ASA smart enough to see there is a destination IPAddr it has a NAT entry for ?

Thanks

All static statements are bi-directional so -

static (inside,outside) 175.10.10.1 192.168.5.10 netmask 255.255.255.255 means -

1) if the connection was initiated from inside the source IP of 192.168.5.10 would be translated to 175.10.10.1

2) if the connection was initiated from the outside to 175.10.10.1 the destination address would be translated to 192.168.5.10

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: