Cisco Support Community
New Member

Migrate iptables rules to asa5505

Hi,

I have a customer that has a Linux firewall with iptables and would like to migrate it to an ASA5505.

The problem is an atypical DNAT that is running in PREROUTING.

This DNAT changes the destination IP according to the source network and the port of the packets.

These packets come to the server from an IPsec VPN, and the moment they arrive the firewall changes them, after which they go to the routing tables.

I need to change the IP at the PREROUTING moment because the original destination IP is an IP on the firewall and we need the packet to go to a server in a LAN.

I hope the following diagram explains it a bit more:

                              VPN IpSec                                                                                 LAN

     VPN <-------------------------------------->FW Linux IP:192.168.5.20 <---------------------------------------> Server IP:192.168.10.20

Original packet                                    Change at FW

192.168.5.20:1234                               192.168.5.20:1234 to 192.168.10.20:1234

The question is: is it possible to replicate it on an ASA5505? And if the answer is yes, can you help me?

Best regards,

Santiago Hoyos.

2 REPLIES
New Member

Migrate iptables rules to asa5505

From my understanding, the answer is yes.

Suppose the ASA interface connected to the VPN is named outside and the ASA interface connected to the LAN is named inside; then the NAT command for the ASA would be like this:

object network vpn-client
 host 192.168.5.20
object network lan-server
 host 192.168.10.20
nat (inside,outside) source static lan-server vpn-client destination static any any

New Member

Migrate iptables rules to asa5505

Hi, OK, now the real problem is that we have 2 VPNs with different networks, IPs and servers.

In this case, how do I set up the inside and outside interfaces? It's not an easy configuration that I found on the Linux firewall.
