Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
5
Helpful
1
Replies

ASA 5525 NAT logic: connection initiator source matters here?

Go to solution
MicJameson1
VIP Alumni
VIP Alumni

‎02-24-2023 11:37 AM

Hello.

"object network SERVER1
nat (dmz,Outside) static 1.1.1.1"

If the connection is initiated from the Outside to the DMZ , and the Outside ACL allows this traffic, will this circuit connect, or will it fail because there is needed an additional NAT rule?

Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎02-24-2023 11:39 AM

@MicJameson1 that'll work. Traffic sent to the nat ip of 1.1.1.1 will be untranslated to the private IP address of the DMZ server.

You'd obviously need an ACE in the ACL to the private (real) IP address of the server to permit the traffic.

View solution in original post

1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎02-24-2023 11:39 AM

@MicJameson1 that'll work. Traffic sent to the nat ip of 1.1.1.1 will be untranslated to the private IP address of the DMZ server.

You'd obviously need an ACE in the ACL to the private (real) IP address of the server to permit the traffic.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card