Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Source & Destination NAT

Can anyone point to a Cisco document that cleary describes source and destination NAT, the differences between them, why you would use ource over destination & vice versa and any configuration examples on an ASA.

Thanks

Paul

1 REPLY
Hall of Fame Super Blue

Re: Source & Destination NAT

Paul

Source and destination NAT are relative to the interfaces on the ASA firewall. A couple of examples might help -

you have a server on your LAN with a private address of 192.168.10.1 and you want to "present" it to the outside as 177.10.10.1

1) static (inside,outside) 177.10.10.1 192.168.10.1 netmask 255.255.255.255

a) traffic going from the server on the inside to the outside -

    the src IP is changed from 192.168.10.1 to 195.166.10.1    the destination IP is left as is.

b) traffic returning to the server from the outside

   the src IP is left as is

   the destination IP is changed from 177.10.10.1 to 192.168.10.1

You want to allow internal devices to access the 195.166.10.1 server on the internet. But you don't want to advertise 177.10.10.1 into your network. Instead you want to use 10.5.1.10 as the destination address -

2) static (outside,inside) 10.5.1.10 195.166.10.1 netmask 255.255.255.255

a) traffic going from your internal clients with a destination IP of 10.5.1.10

   the src IP is left alone

   the destination IP is changed from 10.5.1.10 to 195.166.10.1

b) traffic returning to your client from the outside server 195.166.10.1

   the src IP is changed from 195.166.10.1 to 10.5.1.10

   the destination IP is unchanged

Hope this has helped rather than add to the confusion

Jon

475
Views
5
Helpful
1
Replies
CreatePlease login to create content