11-21-2013 08:05 AM - edited 03-11-2019 08:07 PM
What is the new 8.3+ "coding" for the NAT translation below from an 8.2 ASA? I'm running 9.1.2 on a 5512X
static (WebTestInside,outside) tcp 172.31.0.14 https 192.168.20.14 https netmask 255.255.255.255 dns
I basically want the translation to be used for https only. Otherwise the host should use the interface NAT.
Here's what I've tried, but it doesn't want to let me do the port translation and the dns rewrite. It will let me do one or the other, not both.
nat (any,outside) source dynamic any interface
object network WebInsideNAT-192.168.20.14
 host 192.168.20.14
It will let me do this:
object network WebInsideNAT-192.168.20.14
 nat (WebTestInside,outside) static 172.31.0.14 dns
or
object network WebInsideNAT-192.168.20.14
 nat (WebTestInside,outside) static 172.31.0.14 service tcp 443 443
but not both:
object network WebInsideNAT-192.168.20.14
 nat (WebTestInside,outside) static 172.31.0.14 service tcp 443 443 dns
11-24-2013 08:48 AM
PAT with DNS rewrite is not supported, which is why you can only do dns rewrite when performing NAT and not PAT.
DNS rewrite is not compatible with static Port Address Translation (PAT) because multiple PAT rules are applicable for each A-record, and the PAT rule to use is ambiguous.
--
Please rate all helpful posts.
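The ambiguity described in the answer above, as an added example that is not part of the original thread and is not ASA code: a simplified Python model of A-record rewrite against static rules. The addresses 172.31.0.14 and 192.168.20.14 come from the question; the second host 192.168.20.15 on port 80 and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Simplified model of a static translation; port=None means one-to-one NAT,
# a port number means static PAT. This is not how the ASA is implemented.
Rule = namedtuple("Rule", "real_ip mapped_ip port")

# Addresses from the question; 192.168.20.15 is a constructed second host.
NAT_RULES = [Rule("192.168.20.14", "172.31.0.14", None)]
PAT_RULES = [Rule("192.168.20.14", "172.31.0.14", 443),
             Rule("192.168.20.15", "172.31.0.14", 80)]

def rewrite_a_record(rules, answer_ip):
    """Return the real address an A-record answer would be rewritten to.

    An A record carries an address but no port, so every rule whose mapped
    address matches is a candidate, whatever port it translates.
    """
    answer = ipaddress.ip_address(answer_ip)
    candidates = sorted({r.real_ip for r in rules
                         if ipaddress.ip_address(r.mapped_ip) == answer})
    if not candidates:
        return answer_ip  # no rule matches: the answer passes unchanged
    if len(candidates) > 1:
        raise ValueError(f"ambiguous rewrite for {answer_ip}: {candidates}")
    return candidates[0]

def dns_rewrite_allowed(rule):
    """Model of the restriction in the answer: rewrite only with NAT, not PAT."""
    return rule.port is None

if __name__ == "__main__":
    print(rewrite_a_record(NAT_RULES, "172.31.0.14"))
    try:
        rewrite_a_record(PAT_RULES, "172.31.0.14")
    except ValueError as exc:
        print(exc)
```

With a single one-to-one rule the mapped address identifies exactly one real host, while two PAT rules sharing the mapped address leave the rewrite undecidable from the A record alone.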
12-11-2013 03:42 PM
So it just happened to work on the earlier code? That stinks. Oh well.
12-11-2013 11:52 PM
Please remember to rate and select a correct answer