12-06-2012 10:29 AM - edited 03-11-2019 05:33 PM
Hi All,
I've a quick - I think - ASA NAT question. I have a server in a DMZ of my 8.4 ASA with nat:
object network FTP-SERVER
 host 192.168.1.102
 nat (dmz,outside) static interface tcp ftp ftp
And that's working well. However, I now need to translate the source address of connections from the outside to the FTP server as well. The aim is that the source address of packets when they reach the FTP server is an address on the DMZ subnet (as the default route for the FTP server now needs to be something else, not the ASA) as well as this outside-dmz NAT. I thought overloading the DMZ interface of the ASA? Or another IP in that range?
Is this a twice-nat issue?
I'm not too sure where to start!
Cheers for your help!
12-09-2012 11:23 PM
On top of the above NAT rule, you can configure the following:
object network obj-outside-dmz
 subnet 0.0.0.0 0.0.0.0
 nat (outside,dmz) dynamic 192.168.1.x
where 192.168.1.x is a spare IP address in the DMZ network.
Then "clear xlate" after the addition.
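A toy model of how the two object NAT rules combine for an inbound FTP connection, added here as an illustration and not posted by anyone in the thread. It shows that the FTP server sees every outside client as the one spare DMZ address, so the ASA's translation table is what ties a server log entry back to the real client. The outside interface address 203.0.113.10 and the address 192.168.1.250 (standing in for "192.168.1.x") are constructed, and the port allocation is a simplification.

```python
import ipaddress

# Constructed values (not from the thread): outside interface IP and the spare
# DMZ address standing in for the post's "192.168.1.x".
OUTSIDE_IF = "203.0.113.10"
PAT_IP = "192.168.1.250"
FTP_REAL = ("192.168.1.102", 21)                  # object network FTP-SERVER
PAT_SOURCES = ipaddress.ip_network("0.0.0.0/0")   # object network obj-outside-dmz


class AsaModel:
    """Toy model of the two object NAT rules for outside -> dmz traffic."""

    def __init__(self):
        self.xlate = {}  # (PAT_IP, mapped_port) -> (real_src_ip, real_src_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return (src, dst) as the FTP server sees them, or None if no rule matches."""
        # Rule 1: nat (dmz,outside) static interface tcp ftp ftp (destination un-NAT)
        if (dst_ip, dst_port) != (OUTSIDE_IF, 21):
            return None
        # Rule 2: nat (outside,dmz) dynamic PAT_IP (source hidden behind PAT_IP)
        if ipaddress.ip_address(src_ip) not in PAT_SOURCES:
            return None
        real = (src_ip, src_port)
        port = src_port  # simplification: keep the port if free, else take the next
        while self.xlate.get((PAT_IP, port), real) != real:
            port = port + 1 if port < 65535 else 1024
        self.xlate[(PAT_IP, port)] = real
        return (PAT_IP, port), FTP_REAL

    def real_client(self, seen_ip, seen_port):
        """Map a source address the server logged back to the real outside client."""
        return self.xlate.get((seen_ip, seen_port))


def demo():
    asa = AsaModel()
    a = asa.inbound("198.51.100.7", 40000, OUTSIDE_IF, 21)
    b = asa.inbound("198.51.100.99", 40000, OUTSIDE_IF, 21)  # same source port
    return asa, a, b


if __name__ == "__main__":
    asa, a, b = demo()
    for seen, _ in (a, b):
        print(seen, "was really", asa.real_client(*seen))
```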
12-14-2012 03:52 AM
Thanks, that's a much more elegant answer than where I was going with this!