04-23-2013 07:39 AM - edited 03-11-2019 06:33 PM
Hi all,
Is it possible to NAT source & destination addresses (twice nat) on an ASA5520 running 7.2(5) ?
04-23-2013 07:58 AM
Hi,
Might be possible with using 2 Policy NAT configurations but to be honest I never used this kind of setup in a production environment.
And now that we have moved to the new software its easier to do with a single "nat" configuration command for both source and destination.
Maybe you could give a better description on what you are actually trying to achieve?
- Jouni
04-23-2013 08:11 AM
Hi JouniForss, thanks for the reply.
I have traffic coming through the ASA and I need it to present on the other side of the ASA on a particular source & destination IP.
Source
1.1.1.1
Destination
2.2.2.2
Natted Source
3.3.3.3
Natted Destination
4.4.4.4
04-23-2013 08:28 AM
Hi,
Do notice that even if the actual NAT configuration I suggest would be correct, it might still require some routing additions depending on the actual setup where this is used.
access-list IN-OUT-POLICYNAT permit ip host 1.1.1.1 host 4.4.4.4
static (inside,outside) 3.3.3.3 access-list IN-OUT-POLICYNAT
access-list OUT-IN-POLICYNAT permit ip host 2.2.2.2 host 3.3.3.3
static (outside,inside) 4.4.4.4 access-list OUT-IN-POLICYNAT
Also, have a look at this discussion I answered some time ago that related to similiar situation.
https://supportforums.cisco.com/message/3903621
Remember to mark the question as answered if it did or rate helpfull answers. Otherwise ask more if needed
- Jouni
04-23-2013 09:11 AM
Following should do it
acl ABC 1.1.1.1 to 2.2.2.2
static (inside,outside) 3.3.3.3 access-list ABC
static (outside,inside) 2.2.2.2 4.4.4.4
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: