Solved: Re: Asa source and destination nat

bartbruninx · ‎02-27-2009

Hi,

In a very specific situation there is a need to do address translation of both the source and destination address of a connection.

Is this possible with the asa?

Tnx

Jon Marshall · ‎02-27-2009

Yes it's possible. Assuming you are doing it from inside to outside here's an example -

src address of host = 192.168.5.10

destination address = 212.12.12.1

You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1

So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1

static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255

static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255

Jon

View solution in original post

Jon Marshall · ‎02-27-2009

Yes it's possible. Assuming you are doing it from inside to outside here's an example -

src address of host = 192.168.5.10

destination address = 212.12.12.1

You want to NAT the src address to 195.12.12.1

You want to present the destination address to the inside host as 172.16.10.1

So from the host 192.168.5.10 you would connect to 172.16.10.1. When the traffic passes through the ASA the src changes to 195.12.12.1 and the destination changes to 212.12.12.1

static (inside,outside) 195.12.12.1 192.168.5.10 netmask 255.255.255.255

static (outside,inside) 172.16.10.1 212.12.12.1 netmask 255.255.255.255

Jon

bartbruninx · ‎02-27-2009

Ok. tnx.

I assume the same principle can be done with policy based nat in both directions?

Jon Marshall · ‎02-27-2009

Never done it with policy NAT but can't see any reason why it wouldn't work.

Jon

vikram_anumukonda · ‎02-27-2009

It is possible by using 2 seperate static statements, one doing destination nat and the other doing a normal static nat ( source static nat ).

HTH

Vikram