https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050851#M438522 <HTML><HEAD></HEAD><BODY><P>It is running 8.2(2) .</P><P></P><P>Appreciate if i can get the steps to achieve it. thanks.</P></BODY></HTML> Fri, 07 Sep 2012 05:59:45 GMT suthomas1 2012-09-07T05:59:45Z https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050849#M438520 <P>Hi,</P><P></P><P>We have the following flow:</P><P></P><P>LAN Server ( 192.168.100.5 &amp; 100.11 ) -----&gt; Switch -------&gt; ASA ---------&gt; Internet ------------&gt; Destination Host</P><P>The ASA's outside interface has Internet IP 202.87.65.22</P><P></P><P>When both Lan servers initiate a connection to the remote destination host, they are only recognised at the destination with individual Internet IP's as given.</P><P></P><P>i.e, 192.168.100.5 is only recognised as 202.87.65.35&nbsp; &amp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 192.168.100.11 is only recognised as 202.87.65.36</P><P></P><P>The destination doesn't recognise the request if the source is not from above Internet IP's.</P><P></P><P>How do i ensure and configure the ASA such that; traffic from both these lan servers go out with their Internet IP's only, rather than taking the ASA's </P><P>outside interface IP.</P><P></P><P>Please help.</P> Mon, 11 Mar 2019 23:51:15 GMT https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050849#M438520 suthomas1 2019-03-11T23:51:15Z https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050850#M438521 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>With Policy nat (8.2) or Twice Nat with destination on (8.3 or higher)</P><P></P><P>What version are you running?</P><P></P><P><STRONG>Rate all the answers, that is more important for us than a thanks?</STRONG></P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Fri, 07 Sep 2012 05:53:02 GMT https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050850#M438521 Julio Carvajal 2012-09-07T05:53:02Z https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050851#M438522 <HTML><HEAD></HEAD><BODY><P>It is running 8.2(2) .</P><P></P><P>Appreciate if i can get the steps to achieve it. thanks.</P></BODY></HTML> Fri, 07 Sep 2012 05:59:45 GMT https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050851#M438522 suthomas1 2012-09-07T05:59:45Z https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050852#M438523 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you are using pre 8.3 code, then you would need the following configuration:</P><P></P><P>static (inside,outside) 202.87.65.35 192.168.100.5</P><P>static (inside,outside) 202.87.65.36 192.168.100.11</P><P></P><P>access-list outside_access_in permit ip any host 202.87.65.35</P><P>access-list outside_access_in permit ip any host 202.87.65.36</P><P></P><P>access-group outside_access_in in interface outside</P><P></P><P>You would only need the access-list if you also want the outside destination host to access your internal server.</P><P></P><P>Hope that helps.</P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Fri, 07 Sep 2012 06:02:42 GMT https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050852#M438523 varrao 2012-09-07T06:02:42Z https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050853#M438524 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>So lets go with the Policy nat as per your request is based on destination</P><P></P><P>access-list test permit ip host 192.168.100.5 host destination_host_ip</P><P>nat (inside) 10 access-list test</P><P>global (outside) 10&nbsp; 202.87.65.35</P><P></P><P>access-list test2 permit ip host&nbsp; 192.168.100.11&nbsp; host destination_host_ip</P><P>nat (inside) 11 access-list&nbsp; test2</P><P>global (outside) 11 202.87.65.36</P><P></P><P><STRONG>Remember to rate all the answers,</STRONG></P><P></P><P>Julio</P></BODY></HTML> Fri, 07 Sep 2012 06:27:22 GMT https://community.cisco.com/t5/network-security/asa-source-ip-configuration-for-servers/m-p/2050853#M438524 Julio Carvajal 2012-09-07T06:27:22Z