How to configure PAT AND DESTINATION ADDRESS TRANSLATION ON ASA 8.3>

Hey Guys,

Please check my configuration commands below on ASA 8.3>

Question 1: I want to send inside/dmz1/dmz3 internet traffic using the firewall interface by PAT. Please confirm if the following commands are correct.

I. nat (any,outside) source dynamic All_PAT-GROUP interface

object-group network All_PAT-GROUP
 description: INSIDE,DMZ1,DMZ3
 network-object object N-192.168.1.0
 network-object object N-192.168.3.0
 network-object object N-10.0.0.0

 

Question 2:  site 2 LAN pc(10.21.22.x )----core-switch-->FW1 --{out interface->Fw2-....inside interface}---core-switch ------  LAN   - printer   ( 10.1.3.43) site 1

The following command is issued on FW2, and all the commands are working fine on FW1.

I want PC 10.21.22.x to talk to 10.1.3.43 on port 9100. Please verify my NAT and ACL statements and give your feedback. I am trying to configure destination-based NAT translation here. Is this correct?


II. nat (outside,inside) source static H-10.249.3.26 H-10.1.3.43 service tcp-9100 tcp-9100 unidirectional description NAT1

access-list out-acl extended permit tcp host 10.21.22.x host 10.1.3.43 eq 9100

access-group out-acl in interface outside


HA-Core-Firewall# sh nat de
HA-Core-Firewall# sh nat detail
Manual NAT Policies (Section 1)
1 (any) to (outside) source dynamic All_PAT-GROUP interface
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 10.0.0.0/8, 192.168.1.0/24, 192.168.3.0/24, Translated: 213.42.54.230/30
2 (outside) to (inside) source static H-10.249.3.26 H-10.1.3.43   service tcp-9100 tcp-9100 unidirectional description NAT1
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 10.249.3.26/32, Translated: 10.1.3.43/32
    Service - Origin: tcp source gt 0 destination eq 9100 , Translated: tcp source gt 0 destination eq 9100

 

 

Appreciate your quick response.

Regards,

Akber Mirza.
