Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2971
Views
0
Helpful
6
Replies

Dual NAT with ASA 8.2

Go to solution
Karam Hanna
Level 1
Level 1

‎12-13-2012 12:04 PM - edited ‎03-11-2019 05:37 PM

Hi,

i am trying to configure Dual NAT (source and destination) with multiple subnets in the source, i am trying to figure out how to accomplish this with 8.2 ASA , can anyone help please

Original source 

172.21.113.0/24

10.233.0.0/24

10.229.19.0/24

Original destination

10.1.1.1/32

translated source

208.65.111.1/32

translated destination        

192.168.1.1/32

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Koltl
Level 7
Level 7
In response to Karam Hanna

‎12-13-2012 02:13 PM

Sorry, outbound NAT should be dynamic

access-list NET1 ext permit ip 172.21.113.0 255.255.255.0 host 192.168.1.1

access-list NET1 ext permit ip 10.233.0.0 255.255.255.0 host 192.168.1.1

access-list NET1 ext permit ip 10.229.19.0 255.255.255.0 host 192.168.1.1

access-list NET2 ext permit ip host 10.1.1.1 host 208.65.111.1

nat (inside) 5 access-list NET1

global (outside) 5 208.65.111.1

static (outside,inside) 192.168.1.1 access-list NET2

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Peter Koltl
Level 7
Level 7

‎12-13-2012 12:43 PM

Believe me, it will be much easier to configure it with 8.3 twice NAT.

Anyway, which side is outside and which is inside?

0 Helpful

Go to solution
Karam Hanna
Level 1
Level 1
In response to Peter Koltl

‎12-13-2012 12:47 PM

thanks Peter,

i wish if i can upgrade to 8.3 but i don't have the option,source is behind the inside and destination is behind the outside

0 Helpful

Go to solution
Peter Koltl
Level 7
Level 7
In response to Karam Hanna

‎12-13-2012 01:43 PM

access-list NET1 permit ip 172.21.113.0 255.255.255.0 host 192.168.1.1

access-list NET1 permit ip 10.233.0.0 255.255.255.0 host 192.168.1.1

access-list NET1 permit ip 10.229.19.0 255.255.255.0 host 192.168.1.1

access-list NET2 permit ip host 10.1.1.1 host 192.168.1.1

Correction:

access-list NET2 permit ip host 10.1.1.1 host 208.65.111.1

static (inside,outside) 208.65.111.1 access-list NET1

static (outside,inside) 192.168.1.1 access-list NET2

whew...

I assume 192.168.1.1 is the mapped address that inside hosts will see and 10.1.1.1 is the real address in the outside zone.

Table 12  lists source and destination NAT migration examples.

0 Helpful

Go to solution
Karam Hanna
Level 1
Level 1
In response to Peter Koltl

‎12-13-2012 02:03 PM

Peter,

i am getting this error for NET1

ERROR: access-list used in static has different local addresses

0 Helpful

Go to solution
Peter Koltl
Level 7
Level 7
In response to Karam Hanna

‎12-13-2012 02:13 PM

Sorry, outbound NAT should be dynamic

access-list NET1 ext permit ip 172.21.113.0 255.255.255.0 host 192.168.1.1

access-list NET1 ext permit ip 10.233.0.0 255.255.255.0 host 192.168.1.1

access-list NET1 ext permit ip 10.229.19.0 255.255.255.0 host 192.168.1.1

access-list NET2 ext permit ip host 10.1.1.1 host 208.65.111.1

nat (inside) 5 access-list NET1

global (outside) 5 208.65.111.1

static (outside,inside) 192.168.1.1 access-list NET2

0 Helpful

Go to solution
Karam Hanna
Level 1
Level 1
In response to Peter Koltl

‎12-13-2012 02:24 PM

thank you Peter, it works like a charm, much appreciated

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card