09-02-2011 03:44 AM - edited 03-11-2019 02:20 PM
Hi there
I am after some guidance on how to configure a NAT scenario via a Cisco ASA running 8.04.
Here is the scenario:
I have a server cluster of 2 hosts and a virtual IP on the inside network.
Server 1: 1.1.1.1
Server 2: 1.1.1.2
Virtual IP: 1.1.1.3
These hosts need to initiate connections to a target host 5.5.5.5 on the Outside network.
All 3 inside host IP addresses need to be NAT'd to the same single NAT IP when initiating connections through the ASA to the outside host.
So for example: I need 1.1.1.1, 1.1.1.2 & 1.1.1.3 to be NAT'd at the ASA to, let's say, 3.3.3.3 when targeting 5.5.5.5.
The host on the Outside network (5.5.5.5) also needs to initiate connections to the virtual IP of the inside server cluster and so will need to target the same single NAT (3.3.3.3) the inside hosts are seen as.
I am thinking static policy NAT may be the way to go, but because both inside and outside hosts need to initiate connections I am a little unsure on the best way to achieve this.
I hope that is clear and would greatly appreciate any help with this!
Many thanks
Ross
09-02-2011 04:07 AM
Hi Ross,
This should work for both directions:
static (inside,outside) 3.3.3.3 access-list abc
access-list abc permit ip host 1.1.1.1 host 5.5.5.5
access-list abc permit ip host 1.1.1.2 host 5.5.5.5
access-list abc permit ip host 1.1.1.3 host 5.5.5.5
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cfgnat.html#wp1042553
Hope this helps!
Regards,
Anu
09-02-2011 04:16 AM
Hi Anu
Thanks for the quick reply.
So what type of NAT rule is the example you have given?
Many thanks
Ross
09-02-2011 06:29 AM
Hi Ross,
This is Static policy NAT.
Regards,
Anu