02-02-2012 07:22 AM - edited 03-11-2019 03:23 PM
Is it possible with the Cisco ASA to translate an outside address to an internal address during PAT? So i want to do is to dynamic outside address translation after the PAT. So if a user on the outside connects to us thru a PAT rule, his outside is translated to an inside address.
Solved! Go to Solution.
02-02-2012 11:58 AM
Hello Tshi,
You will need:
access-list test permit tcp outside_user_ip host VIP eq 7500
access-list test permit tcp outside_user_ip host VIP eq 3078
nat (outside) 10 access-list test outside
global (inside) 10 172.166.1.x
Regards,
Do rate helpful posts
Julio
02-02-2012 12:44 PM
Hello Tshi,
That new ACL that I provided you is not applied to the outside interface so not worry for that.
Regards,
Julio
02-02-2012 10:52 AM
Hello,
So 192.168.12.0/24inside ----ASA------outside2.2.2.0/24
You want that if a outside users go into your network gets patted to 192.168.12.x right??
If that is what you are looking for, yes that is possible on the ASA!!
Regards,
Julio
02-02-2012 11:26 AM
Yes, exactly. I have some PAT commands configured. How do I go by doing that?
static (inside,outside) tcp VIP 3078 172.16.1.68 ssh netmask 255.255.255.255
static (inside,outside) tcp VIP 7500 172.16.1.4 1433 netmask 255.255.255.255
i want when a user establishes a connection to VIP or either port, the public IP address get translated to 172.16.1.x
02-02-2012 11:58 AM
Hello Tshi,
You will need:
access-list test permit tcp outside_user_ip host VIP eq 7500
access-list test permit tcp outside_user_ip host VIP eq 3078
nat (outside) 10 access-list test outside
global (inside) 10 172.166.1.x
Regards,
Do rate helpful posts
Julio
02-02-2012 12:18 PM
Julio,
Thanks indeed..I will try this shortly. Does it matter if I already have an access-list applied to the outside interface...Or can I just use it with nat 10?
access-list FROM_INTERNET extended permit tcp any host VIP eq 3078
access-list FROM_INTERNET extended permit tcp any host VIP eq 7500
access-group FROM_INTERNET in interface outside
02-02-2012 12:44 PM
Hello Tshi,
That new ACL that I provided you is not applied to the outside interface so not worry for that.
Regards,
Julio
02-02-2012 07:51 PM
Julio,
Thanks indeed...this was extremely helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide