https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248523#M1118885 <P>Hello</P> <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146335">@MSJ1</a>&nbsp;wrote:<BR /> <P>1. if Source is 199.19.3.63 ( this IP at other side of the Site to Site VPN - A Side ) then at B Side of the VPN DNAT will be 199.19.3.63 to <STRIKE>10.8.55.229</STRIKE>&nbsp;<STRONG>199.19.3.64</STRONG><BR />2. if Source is 199.19.5.67 ( this IP at other side of the Site to Site VPN - A Side ) then at B Side of the VPN DNAT will be 199.19.5.68 to <STRIKE>10.8.55.229</STRIKE>&nbsp;<STRONG>199.19.5.67</STRONG></P> <HR /></BLOCKQUOTE> <P><BR />The return traffic from B side should not be aware of 10.8.55.x so any return traffic will be to&nbsp;<STRONG>199.19.3.64/67</STRONG><BR /><STRONG><BR /><BR /></STRONG></P> <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146335">@MSJ1</a>&nbsp;wrote:99.19.5.68 to 10.8.55.229 <P>So Original Destination is same for both NAT statement at B Side. So my question is how do I define each Source in each NAT Line ? Is it doable ?</P> <HR /></BLOCKQUOTE> <P><U><STRONG>Edited</STRONG></U>: apologies my question was not clear-<BR />Do you mean translation <U>based</U> on source &amp; destination address ?<BR /><U><BR />example below</U><STRONG><BR /></STRONG>object network insidehost<BR />host <SPAN>10.8.55.229</SPAN></P> <P>object network destinationhost1<BR />host <SPAN>199.19.3.63</SPAN></P> <P><SPAN>object network destinationhost2<BR />host 199.19.3.68<BR /></SPAN></P> <P>object network natip1<BR />host <SPAN>199.19.3.64<BR /></SPAN></P> <P><SPAN>object network natip2<BR />host 199.19.3.67<BR /></SPAN></P> <P><BR />nat (inside,out) source static insidehost natip1 destination static destinationhost1 destinationhost1<BR />nat (inside,out) source static insidehost natip2 destination static destinationhost2 destinationhost2<BR /><BR /></P> Fri, 17 Jan 2025 09:33:00 GMT paul driver 2025-01-17T09:33:00Z https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248307#M1118876 <P>Problem Details:</P> <P>Configured 2 Destination NAT as per below</P> <P>nat (Inside,Outside) source static 10.8.55.229 199.19.3.64 unidirectional<BR />nat (Inside,Outside) source static 10.8.55.229 199.19.5.67 unidirectional</P> <P>Following plan below configured above 2 lines.</P> <P>1. if Source is 199.19.3.63 ( this IP at other side of the Site to Site VPN - A Side ) then at B Side of the VPN DNAT will be 199.19.3.64 to 10.8.55.229<BR />2. if Source is 199.19.5.67 ( this IP at other side of the Site to Site VPN - A Side ) then at B Side of the VPN DNAT will be 199.19.5.68 to 10.8.55.229</P> <P>So Original Destination is same for both NAT statement at B Side. So my question is how do I define each Source in each NAT Line ? Is it doable ?</P> Thu, 16 Jan 2025 20:06:05 GMT https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248307#M1118876 MSJ1 2025-01-16T20:06:05Z https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248523#M1118885 <P>Hello</P> <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146335">@MSJ1</a>&nbsp;wrote:<BR /> <P>1. if Source is 199.19.3.63 ( this IP at other side of the Site to Site VPN - A Side ) then at B Side of the VPN DNAT will be 199.19.3.63 to <STRIKE>10.8.55.229</STRIKE>&nbsp;<STRONG>199.19.3.64</STRONG><BR />2. if Source is 199.19.5.67 ( this IP at other side of the Site to Site VPN - A Side ) then at B Side of the VPN DNAT will be 199.19.5.68 to <STRIKE>10.8.55.229</STRIKE>&nbsp;<STRONG>199.19.5.67</STRONG></P> <HR /></BLOCKQUOTE> <P><BR />The return traffic from B side should not be aware of 10.8.55.x so any return traffic will be to&nbsp;<STRONG>199.19.3.64/67</STRONG><BR /><STRONG><BR /><BR /></STRONG></P> <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146335">@MSJ1</a>&nbsp;wrote:99.19.5.68 to 10.8.55.229 <P>So Original Destination is same for both NAT statement at B Side. So my question is how do I define each Source in each NAT Line ? Is it doable ?</P> <HR /></BLOCKQUOTE> <P><U><STRONG>Edited</STRONG></U>: apologies my question was not clear-<BR />Do you mean translation <U>based</U> on source &amp; destination address ?<BR /><U><BR />example below</U><STRONG><BR /></STRONG>object network insidehost<BR />host <SPAN>10.8.55.229</SPAN></P> <P>object network destinationhost1<BR />host <SPAN>199.19.3.63</SPAN></P> <P><SPAN>object network destinationhost2<BR />host 199.19.3.68<BR /></SPAN></P> <P>object network natip1<BR />host <SPAN>199.19.3.64<BR /></SPAN></P> <P><SPAN>object network natip2<BR />host 199.19.3.67<BR /></SPAN></P> <P><BR />nat (inside,out) source static insidehost natip1 destination static destinationhost1 destinationhost1<BR />nat (inside,out) source static insidehost natip2 destination static destinationhost2 destinationhost2<BR /><BR /></P> Fri, 17 Jan 2025 09:33:00 GMT https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248523#M1118885 paul driver 2025-01-17T09:33:00Z https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248527#M1118887 <P><SPAN>nat (out,in) source static remoteLAN1 remoteLAN1 destination static &lt;mapp server IP1&gt; &lt;real IP&gt;</SPAN></P> <P>&nbsp;</P> <P><SPAN>nat (out,in) source static remoteLAN2 remoteLAN2 destination static &lt;mapp server IP2&gt; &lt;real IP&gt;</SPAN></P> <P><SPAN>MHM</SPAN></P> Fri, 17 Jan 2025 09:13:19 GMT https://community.cisco.com/t5/network-security/source-based-destination-nat-in-ftd/m-p/5248527#M1118887 MHM Cisco World 2025-01-17T09:13:19Z