Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Source and destination NAT

Hi,

We need to change the source and destination address of a packet in a single travel.

For example :

F/w : outside : 10.1.1.1 /24 ( subnet )

F/w ; inside : 192.168.1.1 /24  ( subnet )

Requirement is :

If packet with source IP : 192.100.100.1 and destination IP : 10.1.1.50 arrives on the firewall outside interface.

Can we static- NAT it's source and destination both IP and send the packet  towards inside interface. .

So this  packet source will be :  192.168.1.50 ( same as of inside subnet)  and target will be 172.30.1.1. This packet will exit inside interface.

Original Packet                       ----------> arrived on outside i/f ------->                             Translated Packet

source IP - 192.100.100.1                     Static rules applied                                        source IP = 192.168.1.50 ( same as inside subnet)

Dest IP : - 10.1.1.50                                                                                                 Destination = 172.168.1.1

( same as outside subnet)

When packet returns ( it arrives on inside interface )

Returning packet -----------------> arrives on inside interface -----------> Translated and exits towards outside

source IP = 172.30.1.1            static-NAT                                   source = 10.1.1.50

Destination = 192.168.1.50                                                          Destination = 192.100.100.1

If we configure corresponding static NAt rules will it work or it will give error. Corresponding permit access list and routing is in place.

Please share the experience.

Thanks

Subodh

  • Firewalling
5 REPLIES
Cisco Employee

Re: Source and destination NAT

Hi Subodh,

What is the code you are running on the ASA ?

Thanks,

Namit

Cisco Employee

Re: Source and destination NAT

Pre 8.3 nat:

static (inside,outside) 10.1.1.50 172.30.1.1

static (outside,inside) 192.168.1.50 192.100.100.1

8.3 nat:

object network ouside_real

host 192.100.100.1

object network inside_real

host 172.30.1.1

object network inside_mapped

host 10.1.1.50

object network outside_mapped

host 192.168.1.50

nat (inside,outside) source static inside_real inside_mapped destination static  outside_mapped outside_real

refer this link: https://supportforums.cisco.com/docs/DOC-9129

-KS

Cisco Employee

Re: Source and destination NAT

Hello

Yup, it has been tested. At least in my experience in Nat previous 8.3 it works fine and Sankar is explaining. Of course, this will need to be done with Static Nat.

If you have any kind of error messages or something is not working please feel to post your questions.

Cheers

Mike.

Mike
New Member

Re: Source and destination NAT

Thanks Guys for info. I need to put these on the actual firewall and see if it works as expected.

Changing the source and destination IP address of the same packet in a single (entry and exit).

Cisco Employee

Re: Source and destination NAT

Hello,

Sounds great, just let us know if you run into any problems.

Mike.

Mike
846
Views
0
Helpful
5
Replies
This widget could not be displayed.