
NAT question

mjsully

Will the following NAT config on an ASA conflict?

The first part is for one-to-one NAT for inside address 172.16.1.1:

static (inside,outside) 192.168.1.1 172.16.1.1 netmask 255.255.255.255

access-list outside_in permit tcp host 10.10.10.10 host 192.168.1.1

The following is an exception for the one-to-one NAT. I have a host on the outside that needs to access the inside host 172.16.1.1, but they cannot use 192.168.1.1 as the destination. So here was what I proposed:

access-list nat-exception permit ip host 172.16.1.1 host 209.x.x.x

static (inside,outside) 172.32.1.1 access-list nat-exception

access-list outside_in permit tcp host 209.x.x.x host 172.32.1.1

Basically, I have a static NAT already in place, but have a new customer coming in that needs to access the same internal address via an address that is not the already defined static statement, so I was wondering if the static with the access-list would be a workaround without conflicting with or affecting the one-to-one NAT? I'm guessing the one-to-one NAT trumps my idea. If anyone has any idea on how I can make this work, please advise. Thanks.


allen.malanda_2

Hello,

I had the same type of issue. I had to use policy NAT to fix it. The policy NAT is triggered by an access-list. Your second NAT command is a policy NAT. You should convert your one-to-one NAT to a policy NAT. You may still see a NAT conflict pop up on your CLI, but it will still work fine.
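
The conversion suggested in the reply above, written out as an added example (not configuration posted by either participant). It assumes ASA software earlier than 8.3, which is the `static` syntax used in the thread; the ACL name `nat-primary` is hypothetical, and `209.x.x.x` is left elided as in the question.

```cisco
! Remove the unconditional one-to-one static before adding the policy version.
no static (inside,outside) 192.168.1.1 172.16.1.1 netmask 255.255.255.255

! Policy static NAT 1: 172.16.1.1 is presented as 192.168.1.1 only to 10.10.10.10.
! In a policy-NAT ACL the source is the real inside host, the destination is the outside peer.
access-list nat-primary extended permit ip host 172.16.1.1 host 10.10.10.10
static (inside,outside) 192.168.1.1 access-list nat-primary

! Policy static NAT 2: 172.16.1.1 is presented as 172.32.1.1 only to 209.x.x.x.
! Note: 172.32.1.1 is outside RFC 1918's 172.16.0.0/12 (172.16.x.x to 172.31.x.x),
! so it is publicly routable address space.
access-list nat-exception extended permit ip host 172.16.1.1 host 209.x.x.x
static (inside,outside) 172.32.1.1 access-list nat-exception

! Interface ACL: before 8.3 it matches the mapped (translated) address.
! Both entries permit every TCP port, as in the question; append "eq <port>"
! once the required service is known.
access-list outside_in extended permit tcp host 10.10.10.10 host 192.168.1.1
access-list outside_in extended permit tcp host 209.x.x.x host 172.32.1.1
access-group outside_in in interface outside

! Checks after applying:
!   show run static    (both policy statics present, old static gone)
!   show xlate         (one translation per mapped address for 172.16.1.1)
```

Once both statics are policy NAT, each mapped address is reachable only from the peer named in its ACL; any other outside host that relied on 192.168.1.1 loses access, and outbound traffic from 172.16.1.1 to other destinations falls through to whatever other NAT rules exist.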
