Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
1
Replies

ASA NAT rules question

Tejas Kunte
Level 1
Level 1

‎09-27-2011 08:13 AM - edited ‎03-11-2019 02:30 PM

i have an ASA 5520 8.4(1) with following config

interface GigabitEthernet0/0

nameif WAN

security-level 0

ip address 216.52.185.33 255.255.255.240 standby 216.52.185.34

!

interface GigabitEthernet0/1

nameif DMZ

security-level 50

ip address 216.52.185.49 255.255.255.240 standby 216.52.185.50

!

interface GigabitEthernet0/2

nameif Production

security-level 100

ip address 10.11.27.11 255.255.255.0 standby 10.11.27.12

i need traffic (port 9350) from DMZ and WAN forwarded to object Production_23 port 3389

how do i achieve this ?

if i try to do the below config, it gets overwritten.i can either specify the WAN rule or DMZ rule not both

object network PROD_23

nat (Production,WAN) static WAN_35 service tcp 3389 9350

nat (Production,DMZ) static DMZ_54 service tcp 3389 9350

i have the necessary ACLs in place.

Labels:
0 Helpful
1 Reply 1

varrao
Level 10
Level 10

‎09-27-2011 08:41 AM

Hi Tejas,

You woudl not be able to do it. You can only define one nat statement under one object, doing multiple would replace the previous one. If you have to add another nat statement, you would need to do this:

object network PROD_23

nat (Production,WAN) static WAN_35 service tcp 3389 9350

object network PROD_23_second

  host xx.xx.xx.xx

  nat (Production,DMZ) static DMZ_54 service tcp 3389 9350

Then only it would work.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card