About NAT

vinodhanjv · ‎09-02-2016

Hi all,

What will happen , if the below NAT statement is configured in ASA firewall.

What action will happen. Please explain me in detail.

nat (dmz-public,inside) source static net-dmz-public net-dmz-public destination static gpspersonneldoc.saipem.com dmz_f5_gpspersonnel

object network gpspersonneldoc.saipem.com
host 10.0.1.2
description WEBSITE IP - F5 VLAN DATACENTER

object network dmz_f5_gpspersonnel
description gpspersonneldoc.saipem.com - F5 IP ON INTERNET SERVICES DMZ - SDM
host 10.131.5.1

Regards,

Vinodhan.

Pawan Raut · ‎09-02-2016

If traffic initiated from any source from object-group net-dmz-public to destination 10.0.1.2 then destination IP will change to 10.131.5.1.

Regards,

Pawan (CCIE 52104)

Kindly rate for useful post

vinodhanjv · ‎09-02-2016

Hi Pawan,

Thanks for you information.

I have one more question , In source side ,Why same object groups is configured for two times.

nat (dmz-public,inside) source static net-dmz-public net-dmz-public destination static gpspersonneldoc.saipem.com dmz_f5_gpspersonnel

Pawan Raut · ‎09-02-2016

syntax of nat is nat source static real IP NAT IP destination real IP NAT IP.

If source has same real and Map IP then it means source IP will not nat and it will be same

vinodhanjv · ‎09-02-2016

Hi pawan,

Thank you so much for the info.

Regards,

Vinodhan

vinodhanjv · ‎09-02-2016

Hi pawan,

One more clarification , as you said above this ip : 10.0.1.2 is mapped to this ip:10.131.5.1.

That means from net-dmz-public , only they can see this ip:10.131.5.1 only.

Am I right?

Whether I have understood correctly. If I am wrong please correct me.