Varun,

Thanks for your confirmation.

If I wanted to nat the same host to another interface is the config below valid where I would have 2 nats for the object My_PC

ASA(config)# object network My_PC
ASA(config-network-object)# host 192.168.33.2
ASA(config-network-object)# nat (inside,outside) static 209.165.201.2

ASA(config-network-object)# nat (inside,dmz) static 172.16.100.100

thanks

Ian.

Ian,

Yes you can create two nats but for different interafaces. The configuration is good and it should definitely work.

Similarly you can also create the below NAT configuration as well, its just the same but its called Manual NAT or twice nat.

ASA(config)# object network My_PC
ASA(config-network-object)# host 192.168.33.2

ASA(config)#object network Public_IP

ASA(config-network-object)# host 209.165.201.2

ASA(config)# object network Remote_PC

ASA(config-network-object)# host 172.16.100.100

nat (inside,outside) source static My_PC Public_IP

nat (inside,dmz) source static  My_PC  Remote_PC

or

nat (outside,inside) source static any any destination static Public_IP My_PC

nat (dmz,inside) source static any any destination static Remote_PC My_PC

All the above configuration and the one that you have done are exactly same logically and hold true, but I just prefer it because in the context of a packet processing, manual nat is given preference over auto nat or object nat, so if there are some critical servers or application I usuall do Manual nat for them.

Otherwise you can go for anything that you are comfortable with.

Hope this helps.

Thanks,

Varun

Varun,

Thansk for the detailed response. Much appreciated.

Ian.

Not a problem, you can message me on this thread if you face any issues with the configuration

Cheers,

Varun