Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
0
Helpful
3
Replies

NAT Outside IP to Inside

Touseef Gulgundi
Cisco Employee
Cisco Employee

‎05-31-2016 06:54 AM - edited ‎03-12-2019 12:49 AM

Hi All,

I have a private IP from one of our partner x.x.x.x and would like to nat it. Only our internal users will be initiating connection towards this IP. 

What should the NAT statement look like on ASA 8.5 if have to NAT the outside ip to Y.Y.Y.Y.

object-group out-nat

host x.x.x.x (outside IP)

nat(outside,inside) static Y.Y.Y.Y (internal ip)

I tried this but its not working nothing is getting translated when I do show xlate. While I can see the ICMP packets reaching firewall.  

Labels:
0 Helpful
3 Replies 3

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎05-31-2016 10:28 AM

Hi Touseef,

The config looks fine.

Could you share the packet tracer output for this concerned traffic ?

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful

Akshay Rastogi
Cisco Employee
Cisco Employee

‎05-31-2016 05:55 PM

Hi Tauseef,

This statement means, if anybody try to access Y.Y.Y.Y from inside interface, it would redirect the traffic to X.X.X.X on outside. Is it what you want? why would internal users would initiate connection to Private IP?

Behind what interface you have this Y.Y.Y.Y? If it is behind Inside interface and you want to access this Inside partner through public IP, then you need to configure something called U-Turning.

configure something like:

nat(inside,inside) source dynamic any interface destination static <public-ip-object> <priviate-ip-object>

same security permit-intra-interface

I hope this helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

0 Helpful

Touseef Gulgundi
Cisco Employee
Cisco Employee
In response to Akshay Rastogi

‎06-21-2016 09:09 PM

Hi Akshay,

X.X.X.X is an acquisition and have an private IP address overlaps with our IP address. And  client cannot re-IP in this case.

Its just a single IP which we will be accessing in their network. So we want to do a nat (public)on the firewall and route this IP inside our network.

X.X.X.X is behind the outside interface. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card