03-28-2014 02:33 PM - edited 03-11-2019 09:00 PM
Hello,
I would like to be able to PAT a device based on the destination port. For example:
10.10.10.49 (any source any destination) ---- 10.10.10.50 (asa) ----- PAT to ----- 222.222.222.222
But also be able to do this:
10.10.10.49 (any source, destination port 25) ---- 10.10.10.50 (asa) -----PAT to ----- 223.223.223.223
Is this possible to do with ASA version 9.1?
03-30-2014 06:32 PM
Hello,
It is possible with Twice NAT, Dan.
So first of all
10.10.10.49 (any source any destination) ---- 10.10.10.50 (asa) ----- PAT to ----- 222.222.222.222
For that one you could simply do a one-to-one translation, or a PAT, although it does not make sense to do a PAT for just a single IP address.
10.10.10.49 (any source, destination port 25) ---- 10.10.10.50 (asa) -----PAT to ----- 223.223.223.223
For this one you can do
object service TCP_SMTP_Destination
 service tcp destination eq 25
object network host_10.10.10.49
 host 10.10.10.49
object network host_223.223.223.223
 host 223.223.223.223
Then
nat (inside,outside) source dynamic host_10.10.10.49 host_223.223.223.223 destination static any any service TCP_SMTP_Destination TCP_SMTP_Destination
Makes sense?
Regards
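The answer above relies on the port-25 rule being matched before the general translation for the same host. The following is an added example, not part of the original post and not ASA code: a simplified first-match model in Python that assumes both translations are configured as manual (twice) NAT rules evaluated top-down, and shows how the wrong order shadows the SMTP rule. The rule names and the `translate` and `shadowed` helpers are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatRule:
    name: str                       # hypothetical label, for reporting only
    real_src: str                   # real (inside) source address
    mapped_src: str                 # translated (outside) source address
    proto: Optional[str] = None     # None means any protocol
    dst_port: Optional[int] = None  # None means any destination port

    def matches(self, src, proto, dst_port):
        return (src == self.real_src
                and self.proto in (None, proto)
                and self.dst_port in (None, dst_port))

def translate(rules, src, proto, dst_port):
    """Return (rule name, mapped source) for the first matching rule."""
    for rule in rules:
        if rule.matches(src, proto, dst_port):
            return rule.name, rule.mapped_src
    return None, src  # no rule matched: source left untranslated

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.real_src == rule.real_src
                    and earlier.proto in (None, rule.proto)
                    and earlier.dst_port in (None, rule.dst_port)):
                hidden.append(rule.name)
                break
    return hidden

# Addresses are the ones used in the thread; the rule objects are constructed.
SMTP = NatRule("smtp", "10.10.10.49", "223.223.223.223", "tcp", 25)
DEFAULT = NatRule("default", "10.10.10.49", "222.222.222.222")

GOOD_ORDER = [SMTP, DEFAULT]   # specific rule first
BAD_ORDER = [DEFAULT, SMTP]    # general rule first: SMTP rule is dead

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, translate(rules, "10.10.10.49", "tcp", 25), shadowed(rules))
```
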
05-09-2018 02:25 AM
Hi:
How will it be done if my internal network, a /24 (being NATted too), needs to reach an outside destination on regular port 22, but traffic coming back from outside to my internal network (the NATted address) will now communicate with one of the internal hosts, but on port 5530, for example? All internal hosts have the same public. The only difference is that each internal host has a different port number.
How will that work? Will it be the same scenario as the NAT you mention here, just static instead of dynamic?
nat (inside,outside) source dynamic host_10.10.10.49 host_223.223.223.223 destination static any any service TCP_SMTP_Destination TCP_SMTP_Destination
03-31-2014 06:59 AM
Yes, this all makes sense. I will give it a try.
Thanks,
Dan.