Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Reverse Natting on asa 8.2

Hi All,

I am currently trying to apply a reverse NAT on asa 8.2 and not sure how to do this. I have done this on asdm 6.2 for asa 8.3 but the options are not simiar on 8.2. Is there a CLI equivelant?

I am trying to Achieve the object below

for any traffic coming from outside interface to the inside interface with any source address to destination 10.X.X.58 then translate it so that it become 192.X.X.X to address 192.X.X.58. This is so that communications can traverse internal network as the server is not ona DMZ.

I have done this on 8.3 (shown below) but do not know if it is possible for 8.2, I have tried replicating the same command on 8.2 but commands are not recognised.

nat (outside,any) source static any 192.X.X.X destination static 10.X.X.X 192.X.X.58

Should I just upgrade to 8.3? never done it before so not sure of the consequences.

Any advise appreciated!

1 ACCEPTED SOLUTION

Accepted Solutions

Reverse Natting on asa 8.2

Hi Bro

Cisco ASA CLI changed quite a bit after v8.3 and above :-) especially on the NAT portion. This requirement can be done in v8.2 but you should upgrade to v8.3. After all v8.2 features are somewhat limited and is very buggy :-)

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option “This Question is Answered”

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
3 REPLIES

Reverse Natting on asa 8.2

Hi Bro

Cisco ASA CLI changed quite a bit after v8.3 and above :-) especially on the NAT portion. This requirement can be done in v8.2 but you should upgrade to v8.3. After all v8.2 features are somewhat limited and is very buggy :-)

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option “This Question is Answered”

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department

Re: Reverse Natting on asa 8.2

Hi Zahan,

What you need is dynamic policy nat on 8.2 fellow the example below.

access-list policy-acl-1 extended permit ip any host 10.X.X.58

global (inside) 99 192.X.X.X - 192.X.X.58

nat (outside) 99 access-list policy-acl-1

Let me know, if this helps.

Thanks

Rizwan Rafeek.

Message was edited by: Rizwan Mohamed

Cisco Employee

Reverse Natting on asa 8.2

Zahan,

You can actually do it on 8.2 but not for "any" interface. Let's put the sample for outside to inside.

access-list pnat permit ip any host 10.X.X.X

nat (outside) 40 access-list pnat outside

global (inside) 40 192.X.X.X

static (inside,outside) 192.X.X.58 10.X.X.X

Off course NAT on 8.3/8.4 is more flexible than 8.2 so if you can upgrade your ASA it will a good option.

Luis Silva

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
1555
Views
10
Helpful
3
Replies
CreatePlease to create content