How do I rewrite destination IP with another public on Cisco ASA?

We have a vendor who is having issues with their load balancer and is not responsive with tech support to us. They are handing out 2 DNS entries; one works, one does not. I would like to rewrite the bad one with the good one on our ASA outbound to band-aid the issue until we can get it resolved with their tech support. What is the appropriate NAT statement?

2 REPLIES

What's your firmware version?

What's your firmware version?  The NAT syntax was completely redone, with <=8.2 using the old style and >=8.4 using the new; I forget which one 8.3 uses.

8.3 uses the new NAT

8.3 uses the new NAT configuration.

This link provides a good overview of the relationship between the old NAT and new NAT statements:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

What exactly are you trying to "band aid"? Is it the DNS requests?

If you are running version 8.3 or higher, you could try something like the following:

object network BAD-DNS
  host x.x.x.x
object network GOOD-DNS
  host y.y.y.y
object network LAN
  subnet z.z.z.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static BAD-DNS GOOD-DNS

Pre-8.3, I think the commands are like this:
access-list DNS permit ip z.z.z.0 255.255.255.0 host x.x.x.x
static (inside,outside) y.y.y.y access-list DNS

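One way to apply, verify and later roll back the 8.3+ rule from the reply above, as an added example that is not from the original thread. The addresses are constructed documentation-range placeholders (198.51.100.10 for the bad vendor IP, 203.0.113.10 for the good one, 192.168.10.0/24 for the LAN); the inside/outside interface names, the test host 192.168.10.50 and TCP port 443 are assumptions.

```cisco
! --- Configuration mode (configure terminal) ---
! Constructed placeholder addresses; substitute the vendor's real IPs and your LAN.
object network BAD-DNS
 host 198.51.100.10
object network GOOD-DNS
 host 203.0.113.10
object network LAN
 subnet 192.168.10.0 255.255.255.0
!
! Twice NAT: the source is left unchanged (LAN -> LAN) and only traffic
! from LAN addressed to BAD-DNS has its destination rewritten to GOOD-DNS.
nat (inside,outside) source static LAN LAN destination static BAD-DNS GOOD-DNS
!
! --- Privileged EXEC ---
! Simulate a LAN host connecting to the bad address (host and port are assumptions).
! In the output, the UN-NAT phase should show the destination 198.51.100.10
! being untranslated to 203.0.113.10 and the final result should be "allow".
packet-tracer input inside tcp 192.168.10.50 12345 198.51.100.10 443 detailed
!
! Confirm the rule is installed and that its hit counters increase
! once real clients resolve the bad DNS entry.
show nat detail
!
! --- Configuration mode: rollback once the vendor has fixed the load balancer ---
no nat (inside,outside) source static LAN LAN destination static BAD-DNS GOOD-DNS
```

The rule rewrites only the IP address, so it should be removed as soon as the vendor's DNS stops returning the bad entry; otherwise traffic keeps being redirected without anyone on the LAN seeing it.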