12-13-2012 12:04 PM - edited 03-11-2019 05:37 PM
Hi,
i am trying to configure Dual NAT (source and destination) with multiple subnets in the source, i am trying to figure out how to accomplish this with 8.2 ASA , can anyone help please
Original source
172.21.113.0/24
10.233.0.0/24
10.229.19.0/24
Original destination
10.1.1.1/32
translated source
208.65.111.1/32
translated destination
192.168.1.1/32
Solved! Go to Solution.
12-13-2012 02:13 PM
Sorry, outbound NAT should be dynamic
access-list NET1 ext permit ip 172.21.113.0 255.255.255.0 host 192.168.1.1
access-list NET1 ext permit ip 10.233.0.0 255.255.255.0 host 192.168.1.1
access-list NET1 ext permit ip 10.229.19.0 255.255.255.0 host 192.168.1.1
access-list NET2 ext permit ip host 10.1.1.1 host 208.65.111.1
nat (inside) 5 access-list NET1
global (outside) 5 208.65.111.1
static (outside,inside) 192.168.1.1 access-list NET2
12-13-2012 12:43 PM
Believe me, it will be much easier to configure it with 8.3 twice NAT.
Anyway, which side is outside and which is inside?
12-13-2012 12:47 PM
thanks Peter,
i wish if i can upgrade to 8.3 but i don't have the option,source is behind the inside and destination is behind the outside
12-13-2012 01:43 PM
access-list NET1 permit ip 172.21.113.0 255.255.255.0 host 192.168.1.1
access-list NET1 permit ip 10.233.0.0 255.255.255.0 host 192.168.1.1
access-list NET1 permit ip 10.229.19.0 255.255.255.0 host 192.168.1.1
access-list NET2 permit ip host 10.1.1.1 host 192.168.1.1
Correction:
access-list NET2 permit ip host 10.1.1.1 host 208.65.111.1
static (inside,outside) 208.65.111.1 access-list NET1
static (outside,inside) 192.168.1.1 access-list NET2
whew...
I assume 192.168.1.1 is the mapped address that inside hosts will see and 10.1.1.1 is the real address in the outside zone.
Table 12 lists source and destination NAT migration examples.
12-13-2012 02:03 PM
Peter,
i am getting this error for NET1
ERROR: access-list used in static has different local addresses
12-13-2012 02:13 PM
Sorry, outbound NAT should be dynamic
access-list NET1 ext permit ip 172.21.113.0 255.255.255.0 host 192.168.1.1
access-list NET1 ext permit ip 10.233.0.0 255.255.255.0 host 192.168.1.1
access-list NET1 ext permit ip 10.229.19.0 255.255.255.0 host 192.168.1.1
access-list NET2 ext permit ip host 10.1.1.1 host 208.65.111.1
nat (inside) 5 access-list NET1
global (outside) 5 208.65.111.1
static (outside,inside) 192.168.1.1 access-list NET2
12-13-2012 02:24 PM
thank you Peter, it works like a charm, much appreciated
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide