11-08-2011 01:59 AM - edited 03-11-2019 02:47 PM
Good day all,
hope someone can help/explain me destination nat.
I have one host A 172.20.0.x that must translate to host B 192.168.5.x.
So if a vpn office (192.168.36.0/24) try to connect to host A 172.20.0.x it must translate to host B 192.168.5.x.
Is this possible and how I can configure this NAT rule.
I using ASA V8.4(1)
Many thanks for your feedback!
Brgds Markus
11-08-2011 02:22 AM
What I understood is that your host 172.20.0.x is sitting on inside network and you want this host to be available on outside network /published as 192.168.5.x , such that other host connecting to it would be connecting to 192.168.5.x and ASA will do the translation .
You can achieve it as following
Static (inside, outside) 192.168.15.x 172.20.0.x net mask 255.255.255.255
Access-list out-in extended permit ip 192.168.36.0 255.255.255.0 host 192.168.5.x
Access-group out-in in interface outside
Sent from Cisco Technical Support iPad App
11-08-2011 06:06 AM
Hi,
thanks for the fast response.
The Host B 192.168.5.X is also on an inside interface. I will that all remote VPN locations that try to connect to host A 172.0.0.X translated to host B 192.168.5.X.
Brgds Markus
11-08-2011 07:26 AM
Ok I got it,
nat (wan_primary,inside) source static 192.168.36.0 192.168.36.0 destination static 172.20.0.X 192.168.5.X
Brgds Markus
11-08-2011 07:26 AM
I am sorry but can you explain , if you have 192.168.5.x and 172.0.0.x are on inside network meaning both hosts are live then in such a case both would be used by VPN users simultaneously., correct ?
Then you cannot translate host A to host B address because translation can happen using VIP (virtual IP) with real IP.
What you are talking about it diversion or maybe I mis understood you and if you can explain more I might be able to help you out.
Sent from Cisco Technical Support iPad App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: