Policy Nat

eddiemeijer — Mon, 11 Mar 2019 19:39:22 GMT

I would like to create the following situation on an ASA Firewall, but i can't get find a working solution on new firmware.

Incomming traffic on outside interface on ip 1.1.1.1 can be tcp/443 or tcp/80.

If traffic is on tcp/80 NAT to 2.2.2.1 tcp/80

if traffic is tcp/443 NAT to 2.2.2.2 tcp/443

In earlier vesion you could do this like:

access-list SSL permit tcp host 2.2.2.2 eq 443 x.x.0.0 255.255.0.0 eq 443

static (Inside,Outside) tcp 1.1.1.1 443 access-list SSL

access-list HTTP permit tcp host 2.2.2.1 eq 80 x.x.0.0 255.255.0.0 eq 80

static (Inside,Outside) tcp 1.1.1.1 http access-list HTTP

This seems to be deprecated.

We are using ASA 8.3(2) , ASDM 6.3(4)50

Thx.,..

Re: Policy Nat

Federico Coto Fajardo — Mon, 24 Jan 2011 15:39:23 GMT

Hi,

In version 8.3 the static and global commands for NAT are gone.

The only command you need is the ''nat'' command.

NAT is performed for objects now so you should define the objects as well.

If I'm not mistaken to migrate a Policy NAT configuration to 8.3 you now use what is called Twice NAT.

Please refer to this document:

Hope it helps.

Federico.