https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378657#M738021 <P>Hi All,</P><P></P><P>I have an ASA doing port redirection as follows:</P><P></P><P>static (inside,outside) tcp 2.2.2.2 80 192.168.10.2 8080</P><P>static (inside,outside) tcp 2.2.2.2 25 192.168.10.3 2525</P><P></P><P>So, whatever traffic comes to IP 2.2.2.2 on port 80 is redirected to IP 192.168.10.2 to port 8080, and traffic coming to the same IP on port 25, is redirected to IP 192.168.10.3 on port 2525.</P><P></P><P>This works perfectly. But my problem is the following:</P><P></P><P>Traffic sourced from IPs 192.168.10.2 and 192.168.10.3 to the Internet, is not translated to 2.2.2.2, but to the IP of the outside interface of the ASA (because I'm doing PAT for outbound traffic). So, I'm having a normal behavior.</P><P></P><P>My question is just this:</P><P>I want confirmation that the static statements above apply only for inbound traffic.</P><P>And, is there a way to make the outgoing traffic NATed to the IP 2.2.2.2 for these servers?</P><P>Something like:</P><P></P><P>nat (inside) 5 192.168.10.2 255.255.255.255</P><P>nat (inside) 5 192.168.10.3 255.255.255.255</P><P>global (outside) 5 2.2.2.2</P><P></P><P>To make the NAT consistent?</P><P></P><P>Thank you!!</P><P></P><P>Federico.</P> Mon, 11 Mar 2019 17:03:22 GMT Federico Coto Fajardo 2019-03-11T17:03:22Z https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378657#M738021 <P>Hi All,</P><P></P><P>I have an ASA doing port redirection as follows:</P><P></P><P>static (inside,outside) tcp 2.2.2.2 80 192.168.10.2 8080</P><P>static (inside,outside) tcp 2.2.2.2 25 192.168.10.3 2525</P><P></P><P>So, whatever traffic comes to IP 2.2.2.2 on port 80 is redirected to IP 192.168.10.2 to port 8080, and traffic coming to the same IP on port 25, is redirected to IP 192.168.10.3 on port 2525.</P><P></P><P>This works perfectly. But my problem is the following:</P><P></P><P>Traffic sourced from IPs 192.168.10.2 and 192.168.10.3 to the Internet, is not translated to 2.2.2.2, but to the IP of the outside interface of the ASA (because I'm doing PAT for outbound traffic). So, I'm having a normal behavior.</P><P></P><P>My question is just this:</P><P>I want confirmation that the static statements above apply only for inbound traffic.</P><P>And, is there a way to make the outgoing traffic NATed to the IP 2.2.2.2 for these servers?</P><P>Something like:</P><P></P><P>nat (inside) 5 192.168.10.2 255.255.255.255</P><P>nat (inside) 5 192.168.10.3 255.255.255.255</P><P>global (outside) 5 2.2.2.2</P><P></P><P>To make the NAT consistent?</P><P></P><P>Thank you!!</P><P></P><P>Federico.</P> Mon, 11 Mar 2019 17:03:22 GMT https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378657#M738021 Federico Coto Fajardo 2019-03-11T17:03:22Z https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378658#M738039 <HTML><HEAD></HEAD><BODY><P>You are correct and this is your solution.</P><P>nat (inside) 5 192.168.10.2 255.255.255.255</P><P>nat (inside) 5 192.168.10.3 255.255.255.255</P><P>global (outside) 5 2.2.2.2</P><P></P><P>Now, why with just the static pat for outbound translation it doesn't get translated to 2.2.2.2</P><P></P><P>Think of this the server 192.168.10.3 going to google. Its source port for example is 33333 and the destination is 80 will it match your static?</P><P></P><P>static (inside,outside) tcp 2.2.2.2 25 192.168.10.3 2525</P><P>Absolutely not.</P><P></P><P>If you have this static 1-1</P><P>static (inside,outside) 2.2.2.2 25 192.168.10.3</P><P>Then it will work for both incoming and out going.</P><P></P><P>I hope I explained it such that you understand if perfectly.</P><P></P><P>-KS</P></BODY></HTML> Fri, 29 Jan 2010 18:06:15 GMT https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378658#M738039 Kureli Sankar 2010-01-29T18:06:15Z https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378659#M738058 <HTML><HEAD></HEAD><BODY><P>Perfect!</P><P></P><P>Thank you.</P><P>Federico.</P></BODY></HTML> Fri, 29 Jan 2010 18:28:57 GMT https://community.cisco.com/t5/network-security/port-redirection-question/m-p/1378659#M738058 Federico Coto Fajardo 2010-01-29T18:28:57Z