05-12-2010 06:29 AM - edited 03-11-2019 10:44 AM
Is it possible to get the "twiceNat" feature out of 8.0.4? Here is the link to 8.3's twice nat.
In short
Asa Inside 192.168.30.1/24
Outside-- 4.4.4.4 (filler IP)
DMZ network 192.168.20.1/24.
DMZ connects to a router that has a 10.10.10.10, 10.10.10.20, and a 172.16.30.1, 172.16.30.2 Servers.
I would like to do the following if possible
Use my Inside 192.168.30.0/24 as the primary inside nat. This nat would map to and IP's in the DMZ that is mapped to 10.10.10.10, 10.10.10.20.
Trying to keep from having to introduce external subnets into my network. of 8 sites.
The perfect solution, would contact 192.168.30.10 that NATs to 192.168.20.10. 192.168.20.10 would be NAT to 10.10.10.10.
unit is a Asa 5505
05-12-2010 06:34 AM
Not supported on any version of ASA to double NAT on the ASA.
Twice NAT on version 8.3 does not mean double NATing, it just means you can NAT both the source and destination at the same time with 1 NAT statement. It does not mean you can NAT the packet twice.
Hope that confirms your question.
05-12-2010 03:02 PM
Not sure if I misunderstood your question, but "192.168.30.10 NATed to 192.168.20.10 and 192.168.20.10 NATed to 10.10.10.10." can be done depending on how you want to set it up and between what interfaces.
PK
05-12-2010 03:28 PM
Yes, I understand.
What I wanted to do, was not have to add routes to those 10.10.x.x IP's.
Just contact a 192.168.30.10 IP that will do a proxy to the 10.10.x.x IP.
05-13-2010 07:02 AM
NAT will do that.
For example if you have
static (inside,outside) 10.10.30.10 192.168.30.10
then the ASA will proxy on the outside for 10.10.30.10. And when it sees a packet destined to that ip it will forward it to 192.168.30.10 on the inside.
I hope it makes sense.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide