Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2285
Views
10
Helpful
3
Replies

Reverse Natting on asa 8.2

Go to solution
Zahan Al-Rashid
Level 1
Level 1

‎07-30-2012 09:24 AM - edited ‎03-11-2019 04:36 PM

Hi All,

I am currently trying to apply a reverse NAT on asa 8.2 and not sure how to do this. I have done this on asdm 6.2 for asa 8.3 but the options are not simiar on 8.2. Is there a CLI equivelant?

I am trying to Achieve the object below

for any traffic coming from outside interface to the inside interface with any source address to destination 10.X.X.58 then translate it so that it become 192.X.X.X to address 192.X.X.58. This is so that communications can traverse internal network as the server is not ona DMZ.

I have done this on 8.3 (shown below) but do not know if it is possible for 8.2, I have tried replicating the same command on 8.2 but commands are not recognised.

nat (outside,any) source static any 192.X.X.X destination static 10.X.X.X 192.X.X.58

Should I just upgrade to 8.3? never done it before so not sure of the consequences.

Any advise appreciated!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎07-31-2012 06:44 AM

Hi Bro

Cisco ASA CLI changed quite a bit after v8.3 and above :-) especially on the NAT portion. This requirement can be done in v8.2 but you should upgrade to v8.3. After all v8.2 features are somewhat limited and is very buggy :-)

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option “This Question is Answered”

Warm regards,
Ramraj Sivagnanam Sivajanam

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎07-31-2012 06:44 AM

Hi Bro

Cisco ASA CLI changed quite a bit after v8.3 and above :-) especially on the NAT portion. This requirement can be done in v8.2 but you should upgrade to v8.3. After all v8.2 features are somewhat limited and is very buggy :-)

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option “This Question is Answered”

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful

Go to solution
rizwanr74
Level 7
Level 7

‎07-31-2012 07:43 AM

Hi Zahan,

What you need is dynamic policy nat on 8.2 fellow the example below.

access-list policy-acl-1 extended permit ip any host 10.X.X.58

global (inside) 99 192.X.X.X - 192.X.X.58

nat (outside) 99 access-list policy-acl-1

Let me know, if this helps.

Thanks

Rizwan Rafeek.

Message was edited by: Rizwan Mohamed

Go to solution
Luis Silva Benavides
Cisco Employee
Cisco Employee

‎07-31-2012 08:20 AM

Zahan,

You can actually do it on 8.2 but not for "any" interface. Let's put the sample for outside to inside.

access-list pnat permit ip any host 10.X.X.X

nat (outside) 40 access-list pnat outside

global (inside) 40 192.X.X.X

static (inside,outside) 192.X.X.58 10.X.X.X

Off course NAT on 8.3/8.4 is more flexible than 8.2 so if you can upgrade your ASA it will a good option.

Luis Silva

Luis Silva
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card