Many to one - NAT in ASA

b-cunningham
Level 1

I have a requirement to allow 11 internal hosts to access an FTP server through a site to site VPN tunnel. The other side wants to see a public IP address that is not the peer address (outside interface). I've been unable to make a NAT that will translate multiple IPs to a single outside address. Is this possible on an ASA5520, and if so can you point me in the right direction?

4 Replies

Collin Clark
VIP Alumni

You will need to use policy nat, probably with an ACL. This link should help.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml

Thank you. This document was also very informative.

Fernando_Meza
Level 7

Hi .. you need to use PAT with an access-list

i.e.

nat (inside) 10 access-list FTP_Access

access-list FTP_Access extended permit tcp eq ftp

global (outside) 10 netmask 255.255.255.255

You also need to make sure you allow that access on any access list applied to the inside interface .. now I am not sure whether you will be able to get this traffic through the VPN tunnel ..

I hope it helps .. please rate it if it does !!!

Thank you. That's just what I needed.
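A fuller version of the policy PAT from the answer above, as an added example that is not part of the original thread. It uses pre-8.3 ASA syntax; every address, the object-group, the crypto ACL name and the crypto map name and sequence number are constructed placeholders. Because the ASA translates before it matches the crypto map ACL, the tunnel's interesting-traffic ACL has to reference the translated address, and the flow must not also be covered by an existing `nat (inside) 0` exemption.

```cisco
! Constructed example, ASA pre-8.3 syntax. Placeholders (assumptions):
!   10.1.1.11-10.1.1.21  the 11 internal hosts
!   198.51.100.20        remote FTP server behind the tunnel
!   203.0.113.10         spare public address the remote side expects to see
!   OUTSIDE_MAP 20       the existing crypto map entry for this peer

! One network-object line per internal host (two shown here).
object-group network FTP_CLIENTS
 network-object host 10.1.1.11
 network-object host 10.1.1.12

! Policy NAT ACL (permit entries only). This matches all TCP to the server
! rather than only "eq ftp", so that passive-mode data connections receive
! the same translation. That choice is an assumption about the FTP mode used.
access-list FTP_Access extended permit tcp object-group FTP_CLIENTS host 198.51.100.20

! Many-to-one: every match on FTP_Access is PATed to the single global address.
nat (inside) 10 access-list FTP_Access
global (outside) 10 203.0.113.10 netmask 255.255.255.255

! Crypto ACL: written against the translated source, not the 10.x hosts.
! The remote peer needs the mirror-image entry on its side.
access-list VPN_FTP extended permit ip host 203.0.113.10 host 198.51.100.20
crypto map OUTSIDE_MAP 20 match address VPN_FTP

! Checks after applying:
!   packet-tracer input inside tcp 10.1.1.11 1025 198.51.100.20 21 detailed
!     (the NAT phase should show 203.0.113.10; the VPN phase should show encrypt)
!   show xlate
!   show crypto ipsec sa peer <peer-address>
```

Restricting the inside interface ACL to the same object-group and server keeps the translation from becoming a general path into the remote network.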
