topic ASA NAT Help in Network Security

ASA NAT Help

rosscourtnell — Mon, 11 Mar 2019 21:20:11 GMT

Hi there

I am after some guidance on how to configure a NAT scenario via a Cisco ASA running 8.04.

Here is the scenario:

I have a server cluster of 2 hosts and a virtual ip on the inside network.

Server 1: 1.1.1.1

Server 2: 1.1.1.2

Virtual IP: 1.1.1.3

These hosts need to initiate connections to a target host 5.5.5.5 on the Outside network

All 3 inside host ip addresses need to be NAT'd to the same single NAT IP when initiating connections through the ASA to the outside host.

So for example: I need 1.1.1.1, 1.1.1.2 & 1.1.1.3 to be NAT'd at the ASA to lets say 3.3.3.3 when targeting 5.5.5.5

The host on the Outside network (5.5.5.5) also needs to initiate connections to the virtual IP of the inside server cluster and so will need to target the same single NAT (3.3.3.3) the insidwe hosts are seen as.

I am think static policy nat may be the way to go but because both inside and outside hosts need to initiate connections I am a little unsure on the best way to achieve this.

I hope that is clear and would greatly appreciate and help with this!

Many thanks

Ross

ASA NAT Help

Anu M Chacko — Fri, 02 Sep 2011 11:07:53 GMT

Hi Ross,

This should work for both directions:

static (inside,outside) 3.3.3.3 access-list abc

access-list abc permit ip host 1.1.1.1 host 5.5.5.5

access-list abc permit ip host 1.1.1.2 host 5.5.5.5

access-list abc permit ip host 1.1.1.3 host 5.5.5.5

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cfgnat.html#wp1042553

Hope this helps!

Regards,

Anu

ASA NAT Help

rosscourtnell — Fri, 02 Sep 2011 11:16:55 GMT

Hi Anu

Thanks for the quick reply.

So what type of NAT rule is the example you have given?

Many thanks

Ross

ASA NAT Help

Anu M Chacko — Fri, 02 Sep 2011 13:29:44 GMT

Hi Ross,

This is Static policy NAT.

Regards,

Anu