Hi All,
I have 2 little questions about NAT on ASA.
1. The postnat address at Static command cannot be the ip address of external interface directly?
For example:
If the Outside’s IP address is 100.1.1.1 and the static NAT entry is:
Static (inside,outside) 100.1.1.1 10.1.1.1
This NAT entry doesn’t work. If I want to use the Outside’s IP address, I must type:
Static (inside,outside) interface 10.1.1.1
Am I correct?
==============================================
2. If I write a port redirection static NAT entry, the translation is unidirectional?
For example:
If the DMZ server’s IP address is 10.2.2.2 and the postnat address is 100.1.1.2:
Static (DMZ,Outside) tcp 100.1.1.2 23 10.2.2.2 23
After that, when the DMZ server telnet Outside hosts, it won’t trigger NAT (10.2.2.2 -->-- 100.1.1.2). However, the outside hosts can telnet the DMZ server via telnet 100.1.1.2.
Have I got this right?
Thanks in Advance