04-23-2013 07:39 AM - edited 03-11-2019 06:33 PM
Hi all,
Is it possible to NAT source & destination addresses (twice nat) on an ASA5520 running 7.2(5) ?
04-23-2013 07:58 AM
Hi,
Might be possible using 2 Policy NAT configurations, but to be honest I have never used this kind of setup in a production environment.
And now that we have moved to the new software, it's easier to do with a single "nat" configuration command for both source and destination.
Maybe you could give a better description on what you are actually trying to achieve?
- Jouni
04-23-2013 08:11 AM
Hi JouniForss, thanks for the reply.
I have traffic coming through the ASA and I need it to present on the other side of the ASA on a particular source & destination IP.
Source: 1.1.1.1
Destination: 2.2.2.2
Natted Source: 3.3.3.3
Natted Destination: 4.4.4.4
04-23-2013 08:28 AM
Hi,
Do notice that even if the actual NAT configuration I suggest would be correct, it might still require some routing additions depending on the actual setup where this is used.
access-list IN-OUT-POLICYNAT permit ip host 1.1.1.1 host 4.4.4.4
static (inside,outside) 3.3.3.3 access-list IN-OUT-POLICYNAT
access-list OUT-IN-POLICYNAT permit ip host 2.2.2.2 host 3.3.3.3
static (outside,inside) 4.4.4.4 access-list OUT-IN-POLICYNAT
Also, have a look at this discussion I answered some time ago that related to a similar situation.
https://supportforums.cisco.com/message/3903621
Remember to mark the question as answered if it did, or rate helpful answers. Otherwise ask more if needed.
- Jouni
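For comparison with the 7.2 policy NAT lines above, this is how the same translation looks in the single-command twice NAT form of ASA 8.3 and later that was mentioned earlier in the thread. It is an added example, not configuration posted by anyone in the thread; the object names are made up for illustration, and it assumes 1.1.1.1 sits behind the "inside" interface as in the configuration above.

```text
! Added example, not from the thread. Object names are hypothetical.
! Assumption: real source 1.1.1.1 is reachable via "inside",
! real destination 4.4.4.4 is reachable via "outside".

! Source as it really is on the inside
object network SRC-REAL
 host 1.1.1.1

! Source as it should appear on the outside
object network SRC-MAPPED
 host 3.3.3.3

! Destination address the inside host actually sends to
object network DST-MAPPED
 host 2.2.2.2

! Destination as it should appear on the outside
object network DST-REAL
 host 4.4.4.4

! One rule translates both addresses, in both directions.
! Order in the source clause:      real object, then mapped object.
! Order in the destination clause: mapped object, then real object.
nat (inside,outside) source static SRC-REAL SRC-MAPPED destination static DST-MAPPED DST-REAL
```

Because the rule is static on both sides, return traffic from 4.4.4.4 to 3.3.3.3 is untranslated back to 2.2.2.2 and 1.1.1.1 by the same line. The routing caveat from the post above still applies: the ASA needs a route toward 4.4.4.4 out of "outside", and the inside network must deliver traffic for 2.2.2.2 to the ASA.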
04-23-2013 09:11 AM
The following should do it:
access-list ABC permit ip host 1.1.1.1 host 2.2.2.2
static (inside,outside) 3.3.3.3 access-list ABC
static (outside,inside) 2.2.2.2 4.4.4.4