https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122265#M394474 <P>Hi.&nbsp; I have the following scenario and not sure how to build a NAT for it.&nbsp; Using OS 8.3(2)&nbsp; ASA 5510 secplus lic</P><P></P><P>I have a device on Outside interface that ONLY can talk to devices on its own broadcast domain, but I have a device on the Inside interface that must be able to talk to this device on the Outside interface.&nbsp; I'm thinking I can set up a NAT for this device on the Inside interface to appear to be on the Outside interface.&nbsp; Networks and hosts below:</P><P></P><P>interface Ethernet0/0</P><P>nameif Inside (routed interface connecting to the trusted side networks)</P><P>security-level 100</P><P>ip address 192.21.250.92 255.255.255.248 </P><P>!</P><P>interface Ethernet0/1</P><P>nameif outside (layer 2 network with the "outside" interface being the gateway)</P><P>security-level 50</P><P>ip address 192.14.225.1 255.255.255.128</P><P>!</P><P>host 192.14.225.121 (device that can only talk on its own broadcast domain - can't set a default gateway on it)</P><P>host 192.51.14.38 (device that 192.14.225.121 needs to be able to talk to, that's coming from the Inside interface)</P><P></P><P>Can I have the 192.51.14.38 appear to be 192.14.225.5, so that 192.14.225.121 can talk to it?&nbsp; Any other ideas or configurations for a solution would be much appreciated.</P><P></P><P>Thanks,</P><P>Aaron</P> Tue, 12 Mar 2019 00:34:38 GMT aaronkite 2019-03-12T00:34:38Z https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122265#M394474 <P>Hi.&nbsp; I have the following scenario and not sure how to build a NAT for it.&nbsp; Using OS 8.3(2)&nbsp; ASA 5510 secplus lic</P><P></P><P>I have a device on Outside interface that ONLY can talk to devices on its own broadcast domain, but I have a device on the Inside interface that must be able to talk to this device on the Outside interface.&nbsp; I'm thinking I can set up a NAT for this device on the Inside interface to appear to be on the Outside interface.&nbsp; Networks and hosts below:</P><P></P><P>interface Ethernet0/0</P><P>nameif Inside (routed interface connecting to the trusted side networks)</P><P>security-level 100</P><P>ip address 192.21.250.92 255.255.255.248 </P><P>!</P><P>interface Ethernet0/1</P><P>nameif outside (layer 2 network with the "outside" interface being the gateway)</P><P>security-level 50</P><P>ip address 192.14.225.1 255.255.255.128</P><P>!</P><P>host 192.14.225.121 (device that can only talk on its own broadcast domain - can't set a default gateway on it)</P><P>host 192.51.14.38 (device that 192.14.225.121 needs to be able to talk to, that's coming from the Inside interface)</P><P></P><P>Can I have the 192.51.14.38 appear to be 192.14.225.5, so that 192.14.225.121 can talk to it?&nbsp; Any other ideas or configurations for a solution would be much appreciated.</P><P></P><P>Thanks,</P><P>Aaron</P> Tue, 12 Mar 2019 00:34:38 GMT https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122265#M394474 aaronkite 2019-03-12T00:34:38Z https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122266#M394475 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Dont you already have some default PAT configuration that does translation for networks behind interface "Inside" to the interface IP address of "outside" which is directly connected as far as host 192.14.225.121 is conserned? Then again looking that both of the networks are public I guess you wouldnt really have need for a PAT configuration between Inside and outside.</P><P></P><P>If not I guess one solution might be (object names might be better as something else <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN>)</P><P></P><P><STRONG>object network MAPPED-192.14.225.5</STRONG></P><P><STRONG> host 192.14.225.5</STRONG></P><P></P><P><STRONG>object network MAPPED-192.14.225.5-DEST</STRONG></P><P><STRONG> host 194.14.225.121</STRONG></P><P></P><P><STRONG>object network MAPPED-192.14.225.5-SOURCE</STRONG></P><P><STRONG> host 192.51.14.38</STRONG></P><P></P><P><STRONG>nat (Inside,outside) source static MAPPED-192.14.225.5-SOURCE MAPPED-192.14.225.5 destination static MAPPED-192.14.225.5-DEST MAPPED-192.14.225.5-DEST</STRONG></P><P></P><P>Seems a bit complex but should work I guess.</P><P></P><P>From left to right</P><UL><LI>Source interface</LI><LI>Destination interface</LI><LI>Static source address</LI><LI>Static mapped address</LI><LI>Static destination address twice as no change regarding its translation is done.</LI></UL><P></P><P>So to my understanding this NAT should only apply for the source host 192.51.14.38 when the destination is 192.14.225.121</P><P></P><P>- Jouni</P></BODY></HTML> Fri, 07 Dec 2012 16:04:40 GMT https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122266#M394475 Jouni Forss 2012-12-07T16:04:40Z https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122267#M394476 <HTML><HEAD></HEAD><BODY><P> Brilliant!&nbsp; works perfectly thanks so much!&nbsp; <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" height="16" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif" width="16"></SPAN></P></BODY></HTML> Fri, 07 Dec 2012 16:45:52 GMT https://community.cisco.com/t5/network-security/nat-question-solution-request/m-p/2122267#M394476 aaronkite 2012-12-07T16:45:52Z