12-25-2011 11:51 PM - edited 03-11-2019 03:06 PM
Hi all.
Has anyone done this?
I'm aware of the limitations:
• In transparent mode, you must specify the real and mapped interfaces; you cannot use any.
• In transparent mode, you cannot configure interface PAT, because the transparent mode interfaces do not have IP addresses. You also cannot use the management IP address as a mapped address.
The question is: can it be done?
12-26-2011 02:12 PM
Hi Julio,
What will the ACL look like? NATted network to NATted network?
Is there any limitation with protocol inspection while using twice NAT, such as ICMP?
12-26-2011 02:36 PM
Hello,
Let's start all over again.
Inside network user (192.168.10.2)------------ASA------Outside------------------(4.2.2.2)------------166.168.13.2(User)
And you want to NAT the inside user to 3.3.3.3 when it goes to 4.2.2.2.
You also want to NAT the user 166.168.13.2 to 4.2.2.2 when it hits 3.3.3.3.
So the NAT would be:
nat (inside,outside) source static 192.168.10.2 3.3.3.3 destination static 166.168.13.2 4.2.2.2
The ACL should be:
access-list out_in extended permit ip host 4.2.2.2 any
access-group out_in in interface outside
Please rate helpful posts.
Julio
12-27-2011 10:46 PM
Hi Julio,
What will the routing table on the ASA look like? It's in TP mode.
Let's say that the management IP of the ASA is 5.5.5.5.
12-28-2011 09:36 AM
Hello Ofir,
Well, as you know, in transparent mode you can only have static routes, so as an example here is the show route from one of the ASAs in my lab:
Show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is xxx.xxx.xxx.xx to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via xx.xx.xx.xx, outside
Remember that the ASA uses both the Xlate table and the Routing table to route packets.
Regards,
Do please rate helpful posts.
Julio
12-31-2011 10:04 PM
Julio,
Happy new year!
How can I translate the whole inside LAN to a new LAN:
Inside network LAN(192.168.10.0)------(3.3.3.0)------ASA------Outside------------------(4.2.2.0)------------166.168.13.0(LAN)
And you want to NAT the inside user to 3.3.3.0 when it goes to 4.2.2.0.
You also want to NAT the user 166.168.13.0 to 4.2.2.0 when it hits 3.3.3.0.
What would the NAT and the ACL be?
01-01-2012 02:19 PM
Hello Ofir,
Happy new year!
object network Local_LAN
subnet 192.168.10.0 255.255.255.0
object network Public_External_LAN
subnet 4.2.2.0 255.255.255.0
object network Public_Local
subnet 3.3.3.0 255.255.255.0
object network External_Lan
subnet 166.168.13.0 255.255.255.0
nat (inside,outside) source static Local_LAN Public_Local destination static Public_External_LAN Public_External_LAN
nat (outside,inside) source static External_Lan Public_External_LAN destination static Public_Local Public_Local
That should do it!
Do rate helpful posts
Julio
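Added example, not part of the original thread and not Cisco code: a simplified Python model of the address arithmetic behind a static network-to-network twice NAT rule, using the first nat line and the object names from the post above. The class and function names are hypothetical, and the model covers only address rewriting for equal-sized networks, not interfaces, ACLs or inspection.

```python
from ipaddress import ip_address, ip_network

# Network objects copied from the post above.
OBJECTS = {
    "Local_LAN": ip_network("192.168.10.0/24"),
    "Public_Local": ip_network("3.3.3.0/24"),
    "Public_External_LAN": ip_network("4.2.2.0/24"),
}

def map_host(addr, src_net, dst_net):
    """Static net-to-net mapping: keep the host offset, swap the prefix."""
    if src_net.prefixlen != dst_net.prefixlen:
        # Assumption of this model: only equal-sized networks are handled.
        raise ValueError("this model needs equal-sized networks")
    offset = int(ip_address(addr)) - int(src_net.network_address)
    return str(dst_net.network_address + offset)

class TwiceNat:
    """Model of: nat (real,mapped) source static RS MS destination static MD RD."""
    def __init__(self, real_src, mapped_src, mapped_dst, real_dst):
        self.rs, self.ms, self.md, self.rd = (
            OBJECTS[n] for n in (real_src, mapped_src, mapped_dst, real_dst))

    def forward(self, src, dst):
        """Packet entering the real interface; None means the rule does not match."""
        if ip_address(src) in self.rs and ip_address(dst) in self.md:
            return map_host(src, self.rs, self.ms), map_host(dst, self.md, self.rd)
        return None

    def reverse(self, src, dst):
        """Return traffic entering the mapped interface is untranslated."""
        if ip_address(src) in self.rd and ip_address(dst) in self.ms:
            return map_host(src, self.rd, self.md), map_host(dst, self.ms, self.rs)
        return None

# First nat rule from the post: the destination pair is an identity mapping.
RULE = TwiceNat("Local_LAN", "Public_Local",
                "Public_External_LAN", "Public_External_LAN")

if __name__ == "__main__":
    print(RULE.forward("192.168.10.2", "4.2.2.2"))  # outbound packet
    print(RULE.reverse("4.2.2.2", "3.3.3.2"))       # reply to the mapped address
    print(RULE.forward("192.168.10.2", "8.8.8.8"))  # destination outside the rule
```

Both the source and the destination must match for the rule to apply, which is why the last call returns no translation.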
01-03-2012 01:14 PM
Hi Julio,
Any known limitation with NAT translation table size? Let's say that all the networks are class A (/8).
Can the ASA handle such an amount of one-to-one translations?
01-03-2012 01:29 PM
Hello,
Not a problem, the ASA will handle those translations; do not worry about that.
Julio
If this answers your question, please mark the question as answered.
Regards,
Julio