Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT translation - migrating from 8.2 to 9.x

What is the new 8.3+ "coding" for the NAT translation below from an 8.2 ASA? I'm running 9.1.2 on a 5512X

static (WebTestInside,outside) tcp 172.31.0.14 https 192.168.20.14 https netmask 255.255.255.255  dns

I basically want the translation to be used for htttps only.  Otherwise the host should use the interface NAT.

Here's what I've tried, but it doesn't want to let me do the port translation and the dns rewrite.  It will let me do one or the other, not both.

nat (any,outside) source dynamic any interface

object network WebInsideNAT-192.168.20.14
host 192.168.20.14

It will let me do this

object network WebInsideNAT-192.168.20.14

nat (WebTestInside,outside) static 172.31.0.14 dns

or

object network WebInsideNAT-192.168.20.14

nat (WebTestInside,outside) static 172.31.0.14 service tcp 443 443

but not both

object network WebInsideNAT-192.168.20.14

nat (WebTestInside,outside) static 172.31.0.14 service tcp 443 443 dns

Everyone's tags (5)
3 REPLIES
VIP Green

NAT translation - migrating from 8.2 to 9.x

PAT with DNS rewrite is not supported, which is why you can only do dns rewrite when performing NAT and not PAT.

DNS rewrite is not compatible with static Port Address Translation (PAT) because multiple PAT rules are applicable for each A-record, and the PAT rule to use is ambiguous.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#prereq

--

Please rate all helpful posts.

--

Please remember to rate and select a correct answer
New Member

NAT translation - migrating from 8.2 to 9.x

So it just happened to work on the earlier code? That stinks.  Oh well.

VIP Green

NAT translation - migrating from 8.2 to 9.x

Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
360
Views
0
Helpful
3
Replies
CreatePlease login to create content