Solved: Re: Pat a source address when access a inside host on asa

caondio · ‎11-18-2010

Hello, in a situation like this:

Outside 10.1.1.1

Cisco ASA

Inside 192.168.1.1

|

LAN 192.168.1.0/24

I know how to do a PAT to forward incoming packets to an inside host:

static (inside,outside) 10.1.1.2 192.168.1.2 netmask 255.255.255.255

access-list OUTSIDE extended permit tcp any host 10.1.1.2 eq www

access.group OUTSIDE in interface outside

I need to do a source nat of the incoming packets so the inside host sees ip 192.168.1.1 as source ip (or another IP address 192.168.1.0/24) Is it possible? Best regards

Aondio Carlo

Jennifer Halim · ‎11-18-2010

Sure can.

access-list nat-inside permit ip any host 10.1.1.2

nat (outside) 5 access-list nat-inside outside

global (inside) 5 interface

And "clear xlate" after the above config.

Hope that helps.

View solution in original post

Jennifer Halim · ‎11-18-2010

Sure can.

access-list nat-inside permit ip any host 10.1.1.2

nat (outside) 5 access-list nat-inside outside

global (inside) 5 interface

And "clear xlate" after the above config.

Hope that helps.

caondio · ‎11-22-2010

Hy, Jennifer

i have test your solution and all is ok

Many thanks

Best regards

Aondio Carlo

Jennifer Halim · ‎11-22-2010

Thanks for the update and rating.