05-31-2016 06:54 AM - edited 03-12-2019 12:49 AM
Hi All,
I have a private IP from one of our partners, x.x.x.x, and would like to NAT it. Only our internal users will be initiating connections towards this IP.
What should the NAT statement look like on ASA 8.5 if I have to NAT the outside IP to Y.Y.Y.Y?
object-group out-nat
host x.x.x.x (outside IP)
nat(outside,inside) static Y.Y.Y.Y (internal ip)
I tried this but it's not working; nothing is getting translated when I do show xlate, while I can see the ICMP packets reaching the firewall.
05-31-2016 10:28 AM
Hi Touseef,
The config looks fine.
Could you share the packet tracer output for the traffic concerned?
Regards,
Aditya
Please rate helpful posts and mark correct answers.
05-31-2016 05:55 PM
Hi Tauseef,
This statement means that if anybody tries to access Y.Y.Y.Y from the inside interface, it would redirect the traffic to X.X.X.X on the outside. Is that what you want? Why would internal users initiate a connection to a private IP?
Behind what interface do you have this Y.Y.Y.Y? If it is behind the inside interface and you want to access this inside partner through a public IP, then you need to configure something called U-turning.
Configure something like:
nat (inside,inside) source dynamic any interface destination static <public-ip-object> <private-ip-object>
same-security-traffic permit intra-interface
I hope this helps.
Regards,
Akshay Rastogi
Remember to rate helpful posts.
06-21-2016 09:09 PM
Hi Akshay,
X.X.X.X is an acquisition and has a private IP address that overlaps with our IP address, and the client cannot re-IP in this case.
It's just a single IP which we will be accessing in their network. So we want to do a NAT (public) on the firewall and route this IP inside our network.
X.X.X.X is behind the outside interface.
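Added example, not posted by anyone in this thread: on ASA 8.3 and later, object NAT is entered under an `object network` definition, so the translation discussed above, together with the checks the thread mentions (show xlate, packet-tracer), takes the form below. PARTNER-HOST and <inside-client-ip> are placeholder names assumed for illustration; x.x.x.x and Y.Y.Y.Y are the thread's own placeholders.

```cisco
! Added example. PARTNER-HOST is a placeholder object name.
! x.x.x.x = partner host's real address, reached through the outside interface
! Y.Y.Y.Y = mapped address that inside users connect to
object network PARTNER-HOST
 host x.x.x.x
 nat (outside,inside) static Y.Y.Y.Y
!
! Verification: confirm the rule was accepted and watch its hit counters.
show running-config nat
show nat detail
show xlate
!
! Simulate an inside client pinging the mapped address.
! <inside-client-ip> is a placeholder for a real inside host address.
! The UN-NAT phase should show Y.Y.Y.Y being untranslated to x.x.x.x
! with the outside interface selected for egress.
packet-tracer input inside icmp <inside-client-ip> 8 0 Y.Y.Y.Y detailed
```

For the rule to see any traffic, the inside network has to route Y.Y.Y.Y to the ASA's inside interface.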