ASA 8.3 Policy NAT

Mudasir Abbas
Level 1

Scenario Detail:

Outside interface IP ASA: 1.1.1.1

Inside Interface IP ASA: 2.2.2.1

Public IP Address for NAT: 1.1.1.10

Server1 IP Address: 10.10.10.10:25

Server2 IP Address: 11.11.11.10:443

1) Server1 has a default route to ASA: No issues.

2) Server2 does not have a default route to ASA

Initially, traffic destined for Public IP 1.1.1.10:443 is statically NATed to Server2 11.11.11.10:443.

Server2 does not have a default route to ASA; in that case ASA can route to Server2 but Server2 cannot route back to ASA for Internet addresses.

To overcome this situation, I think I should translate Internet (any) addresses (source addresses) to the ASA inside interface IP address.

So Server2 sees this connection coming from the ASA inside address.

- Two NATs are required

1) Static 11.11.11.10:443 > 1.1.1.10:443

2) a. Any > 1.1.1.10:443

First translation through static NAT:

b. Any > 11.11.11.10:443

Second translation of source address (Internet address):

c. 2.2.2.1 > 11.11.11.10:443

Is it doable? If yes, what would be the syntax for ASA 8.3?

Please do let me know if I missed something...

Your help will be highly appreciated.

Mudasir
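
One way the two translations described in the post could be written as a single ASA 8.3 twice NAT rule, as an added example that is not part of the original post or the reply. The interface names `outside` and `inside`, the object names and the ACL name are assumptions; the addresses are the ones given in the scenario.

```cisco
! Added example: object, ACL and interface names are hypothetical.
! Real (inside) address of Server2
object network SERVER2-REAL
 host 11.11.11.10
!
! Public address that Internet clients connect to
object network SERVER2-PUBLIC
 host 1.1.1.10
!
! Restrict the rule to TCP/443 only
object service HTTPS-SVC
 service tcp destination eq 443
!
! Twice NAT, evaluated for traffic arriving on outside and leaving on inside:
!   destination: 1.1.1.10:443 -> 11.11.11.10:443   (steps a. and b. in the post)
!   source:      any          -> inside interface IP, 2.2.2.1 (step c.)
nat (outside,inside) source dynamic any interface destination static SERVER2-PUBLIC SERVER2-REAL service HTTPS-SVC HTTPS-SVC
!
! From 8.3 onward the interface ACL matches the real (untranslated) server address
access-list OUTSIDE-IN extended permit tcp any host 11.11.11.10 eq 443
access-group OUTSIDE-IN in interface outside
```

With this rule Server2 sees every client as 2.2.2.1, so its own logs no longer carry the real client address; the ASA's connection and translation logs become the record of who connected.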

1 Reply

Luis Silva Benavides
Cisco Employee