12-25-2011 11:51 PM - edited 03-11-2019 03:06 PM
Hi all.
Has anyone done this?
I'm aware of the limitations:
• In transparent mode, you must specify the real and mapped interfaces; you cannot use any.
• In transparent mode, you cannot configure interface PAT, because the transparent mode interfaces do not have IP addresses. You also cannot use the management IP address as a mapped address.
The question is, can it be done?
12-26-2011 02:11 AM
Your task is not clear. Can you explain what you want to do?
12-26-2011 10:00 AM
Hello Ofir,
If your question is:
- Is twice NAT supported in transparent mode?
The answer is yes, it is supported. Of course, you will need to follow the limitations you have described to build the twice NAT properly.
Regards,
Julio
12-26-2011 12:47 PM
Hi all,
Thank you for your posts.
I need to perform bi-directional NAT (source and destination). Will twice NAT be useful to me,
or will simple source and destination NAT be enough?
12-26-2011 01:02 PM
Hello Ofir,
Twice NAT is the one you are looking for; that one will help you set this NAT rule up.
Please do rate helpful posts.
Regards,
Julio
12-26-2011 01:04 PM
Hi Julio,
Can you please post a sample configuration for twice NAT in TP mode?
TIA
12-26-2011 01:12 PM
Hello Ofir,
The configuration of the NAT is the same one as on router mode.
Let's say inside host 10.2.1.2 is going to be natted on the outside to 2.2.2.2 when it goes to 3.3.3.3.
Here is the configuration to accomplish this:
object network inside-host
 host 10.2.1.2
object network nat-ip
 host 2.2.2.2
object network destination-outside
 host 3.3.3.3
nat (inside,outside) source static inside-host nat-ip destination static destination-outside destination-outside
Hope this helps,
Julio!!
12-26-2011 01:14 PM
Hi Julio,
And what about the other direction, can it be natted also?
12-26-2011 01:22 PM
Hello Ofir,
Yes, it can be done as well. The NAT feature will work the same way except for the limitations you have explained:
• In transparent mode, you must specify the real and mapped interfaces; you cannot use any.
• In transparent mode, you cannot configure interface PAT, because the transparent mode interfaces do not have IP addresses. You also cannot use the management IP address as a mapped address.
Regards,
Do please rate helpful posts.
Julio
12-26-2011 01:26 PM
Hi Julio,
Do I need to configure an additional NAT rule, or will the ASA maintain the NAT state in both directions?
What if I would like to hide both sides of the ASA using different segments? What will the configuration look like?
TIA
12-26-2011 01:29 PM
Hello Ofir,
Let's say inside host 10.2.1.2 is going to be natted on the outside to 2.2.2.2 when it goes to 3.3.3.3, which in fact is 10.3.1.2, so you will hide both sides.
Here is the configuration to accomplish this:
object network inside-host
 host 10.2.1.2
object network nat-ip
 host 2.2.2.2
object network destination-outside
 host 3.3.3.3
object network destination-host
 host 10.3.1.2
nat (inside,outside) source static inside-host nat-ip destination static destination-outside destination-host
So when the inside user goes to 3.3.3.3, he will be natted to 2.2.2.2 and the destination will be natted to 10.3.1.2 as well.
Is this what you are asking for?
12-26-2011 01:32 PM
Hi Julio,
Is there a limitation when the 10.2 and 10.3 networks are not directly connected to the ASA?
Is proxy NAT needed for this kind of configuration?
12-26-2011 01:45 PM
Hello Ofir,
Not at all, you can still do it. The ASA will proxy ARP the global IP address for the inside user; in this example it will proxy ARP 2.2.2.2.
Regards,
Julio
12-26-2011 01:51 PM
Hi Julio,
I think I missed something.
Using one NAT rule, when the 10.3 network initiates traffic to 2.2.2.2, will it match this NAT rule?
12-26-2011 02:06 PM
Hello Ofir,
Nope, when 10.3.1.2 the NAT rule will take place as well.
Static is bi-directional.
Regards,
Julio
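The second rule in the thread (the one that hides both sides), modelled in Python to show which packets it rewrites in each direction and which it leaves alone. This is an added example, not part of any post and not Cisco code; the class and function names are hypothetical, and the model covers only a single static host-to-host rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class TwiceNatRule:
    """Hypothetical model of one rule of the form:
    nat (real_if,mapped_if) source static SRC_REAL SRC_MAPPED
        destination static DST_MAPPED DST_REAL
    """
    real_if: str
    mapped_if: str
    src_real: str     # inside-host
    src_mapped: str   # nat-ip
    dst_mapped: str   # destination-outside (address the inside host targets)
    dst_real: str     # destination-host (actual address of the peer)

    def __post_init__(self):
        # Transparent-mode limitation quoted in the thread: both interfaces
        # must be named explicitly, "any" is not accepted.
        if "any" in (self.real_if.lower(), self.mapped_if.lower()):
            raise ValueError("transparent mode: real and mapped interfaces must be named")
        for addr in (self.src_real, self.src_mapped, self.dst_mapped, self.dst_real):
            ip_address(addr)  # raises ValueError on a malformed address


def translate(rule, ingress_if, src, dst):
    """Return (egress_if, new_src, new_dst), or None when the rule does not
    match. None only means this rule leaves the packet untranslated."""
    s, d = ip_address(src), ip_address(dst)
    if ingress_if == rule.real_if:
        # Forward direction: the inside host talks to the mapped destination.
        if s == ip_address(rule.src_real) and d == ip_address(rule.dst_mapped):
            return (rule.mapped_if, rule.src_mapped, rule.dst_real)
    elif ingress_if == rule.mapped_if:
        # Reverse direction: the same static rule is applied the other way round.
        if s == ip_address(rule.dst_real) and d == ip_address(rule.src_mapped):
            return (rule.real_if, rule.dst_mapped, rule.src_real)
    return None


# Addresses taken from the thread's second configuration.
RULE = TwiceNatRule("inside", "outside", "10.2.1.2", "2.2.2.2", "3.3.3.3", "10.3.1.2")

if __name__ == "__main__":
    print(translate(RULE, "inside", "10.2.1.2", "3.3.3.3"))
    print(translate(RULE, "outside", "10.3.1.2", "2.2.2.2"))
    print(translate(RULE, "inside", "10.2.1.9", "3.3.3.3"))
```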